Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1486946 Details for
Bug 1619689
Ship profile in line with OSPP v4.2
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
State of profile ospp42
rep.ospp42.html (text/html), 1.25 MB, created by
Marek Haicman
on 2018-09-25 23:24:08 UTC
(
hide
)
Description:
State of profile ospp42
Filename:
MIME Type:
Creator:
Marek Haicman
Created:
2018-09-25 23:24:08 UTC
Size:
1.25 MB
patch
obsolete
><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta charset="utf-8"></meta><meta http-equiv="X-UA-Compatible" content="IE=edge"></meta><meta name="viewport" content="width=device-width, initial-scale=1"></meta><title>xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_ospp42 | OpenSCAP Evaluation Report</title><style> >/*! > * Bootstrap v3.3.7 (http://getbootstrap.com) > * Copyright 2011-2016 Twitter, Inc. > * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) > */ > >/*! > * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf) > * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf > *//*! > * Bootstrap v3.3.7 (http://getbootstrap.com) > * Copyright 2011-2016 Twitter, Inc. > * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) > *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#428bca}a.text-primary:hover,a.text-primary:focus{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover,a.bg-primary:focus{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#777;opacity:1}.form-control:-ms-input-placeholder{color:#777}.form-control::-webkit-input-placeholder{color:#777}.form-control::-ms-expand{border:0;background-color:transparent}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:7px;padding-bottom:7px;margin-bottom:0;min-height:34px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.33}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:7px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#3071a9;border-color:#193c5a}.btn-primary:hover{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#285e8e;border-color:#193c5a}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-top-left-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#777}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#777}.navbar-inverse .navbar-nav>li>a{color:#777}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#777}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#777}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#fff;line-height:1;vertical-align:middle;white-space:nowrap;text-align:center;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#428bca}.panel-primary>.panel-heading .badge{color:#428bca;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}table.treetable span.indenter{display:inline-block;text-align:right;user-select:none;-khtml-user-select:none;-moz-user-select:none;-o-user-select:none;-webkit-user-select:none;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;width:19px;margin:0;padding:0;}table.treetable span.indenter a{background-position:left center;background-repeat:no-repeat;display:inline-block;text-decoration:none;width:19px;}table.treetable tr.collapsed span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHlJREFUeNrcU1sNgDAQ6wgmcAM2MICGGlg1gJnNzWQcvwQGy1j4oUl/7tH0mpwzM7SgQyO+EZAUWh2MkkzSWhJwuRAlHYsJwEwyvs1gABDuzqoJcTw5qxaIJN0bgQRgIjnlmn1heSO5PE6Y2YXe+5Cr5+h++gs12AcAS6FS+7YOsj4AAAAASUVORK5CYII=);}table.treetable tr.expanded span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHFJREFUeNpi/P//PwMlgImBQsA44C6gvhfa29v3MzAwOODRc6CystIRbxi0t7fjDJjKykpGYrwwi1hxnLHQ3t7+jIGBQRJJ6HllZaUUKYEYRYBPOB0gBShKwKGA////48VtbW3/8clTnBIH3gCKkzJgAGvBX0dDm0sCAAAAAElFTkSuQmCC);}table.treetable tr.branch{background-color:#f9f9f9;}table.treetable tr.selected{background-color:#3875d7;color:#fff;}table.treetable tr span.indenter a{outline:none;}tr.rule-overview-needs-attention td a{color:#d9534f;}td.rule-result div,span.rule-result{text-align:center;font-weight:700;color:#fff;background:gray;}td.rule-result-unknown div,span.rule-result-unknown{background:#f0ad4e;}.js-only{display:none;}.rule-detail-fail,.rule-detail-error,.rule-detail-unknown{border:2px solid #d9534f;}#footer{text-align:center;margin-top:50px;}pre{overflow:auto!important;word-wrap:normal!important;white-space:pre-wrap;}div.check-system-details,div.remediation,div.description{display:inline-block;width:0;min-width:100%;overflow-x:auto;}div.profile-description{white-space:pre-wrap;}div.modal-body{margin:50px;padding:0;}div.horizontal-scroll{overflow-x:auto;}div.top-spacer-10{margin-top:10px;}td.rule-result-fail div,span.rule-result-fail,td.rule-result-error div,span.rule-result-error{background:#d9534f;}td.rule-result-pass div,span.rule-result-pass,td.rule-result-fixed div,span.rule-result-fixed{background:#5cb85c;}.rule-result-filtered,.rule-result-filtered > *,.search-no-match,.search-no-match > *{display:none!important;}@media print{.container{width:100%;}.rule-result abbr[title]:after,.identifiers abbr[title]:after,.identifiers a[href]:after{content:"";}}</style><script> >/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */ >!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(!l.ownFirst)for(b in a)return k.call(a,b);for(b in a);return void 0===b||k.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?i[j.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(h)return h.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=e.call(arguments,2),d=function(){return a.apply(b||this,c.concat(e.call(arguments)))},d.guid=a.guid=a.guid||n.guid++,d):void 0},now:function(){return+new Date},support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){i["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=!!a&&"length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+L+"*\\]",O=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+N+")*)|.*)\\)|)",P=new RegExp(L+"+","g"),Q=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),R=new RegExp("^"+L+"*,"+L+"*"),S=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),T=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),U=new RegExp(O),V=new RegExp("^"+M+"$"),W={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,_=/[+~]/,aa=/'|\\/g,ba=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),ca=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},da=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(ea){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fa(a,b,d,e){var f,h,j,k,l,o,r,s,w=b&&b.ownerDocument,x=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==x&&9!==x&&11!==x)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==x&&(o=$.exec(a)))if(f=o[1]){if(9===x){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(w&&(j=w.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(o[2])return H.apply(d,b.getElementsByTagName(a)),d;if((f=o[3])&&c.getElementsByClassName&&b.getElementsByClassName)return H.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==x)w=b,s=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)||b}if(s)try{return H.apply(d,w.querySelectorAll(s)),d}catch(y){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(Q,"$1"),b,d,e)}function ga(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ha(a){return a[u]=!0,a}function ia(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ja(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function ka(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function la(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=fa.support={},f=fa.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ia(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ia(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Z.test(n.getElementsByClassName),c.getById=ia(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ia(function(a){var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Z.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ia(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",O)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Z.test(o.compareDocumentPosition),t=b||Z.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return ka(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?ka(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},fa.matches=function(a,b){return fa(a,null,null,b)},fa.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(T,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fa(b,n,null,[a]).length>0},fa.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fa.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fa.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fa.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fa.selectors={cacheLength:50,createPseudo:ha,match:W,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ba,ca),a[3]=(a[3]||a[4]||a[5]||"").replace(ba,ca),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fa.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fa.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return W.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&U.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ba,ca).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fa.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(P," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fa.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ha(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ha(function(a){return V.test(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Y.test(a.nodeName)},input:function(a){return X.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:na(function(){return[0]}),last:na(function(a,b){return[b-1]}),eq:na(function(a,b,c){return[0>c?c+b:c]}),even:na(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:na(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:na(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:na(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=la(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=ma(b);function pa(){}pa.prototype=d.filters=d.pseudos,d.setFilters=new pa,g=fa.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=R.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=S.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(Q," ")}),h=h.slice(c.length));for(g in d.filter)!(e=W[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?fa.error(a):z(a,i).slice(0)};function qa(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function ra(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j,k=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(j=b[u]||(b[u]={}),i=j[b.uniqueID]||(j[b.uniqueID]={}),(h=i[d])&&h[0]===w&&h[1]===f)return k[2]=h[2];if(i[d]=k,k[2]=a(b,c,g))return!0}}}function sa(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ta(a,b,c){for(var d=0,e=b.length;e>d;d++)fa(a,b[d],c);return c}function ua(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function va(a,b,c,d,e,f){return d&&!d[u]&&(d=va(d)),e&&!e[u]&&(e=va(e,f)),ha(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ta(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ua(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ua(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ua(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function wa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ra(function(a){return a===b},h,!0),l=ra(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[ra(sa(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return va(i>1&&sa(m),i>1&&qa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(Q,"$1"),c,e>i&&wa(a.slice(i,e)),f>e&&wa(a=a.slice(e)),f>e&&qa(a))}m.push(c)}return sa(m)}function xa(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=F.call(i));u=ua(u)}H.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&fa.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ha(f):f}return h=fa.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xa(e,d)),f.selector=a}return f},i=fa.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ba,ca),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=W.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ba,ca),_.test(j[0].type)&&oa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qa(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,!b||_.test(a)&&oa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ia(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ia(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ja("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ia(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ja("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ia(function(a){return null==a.getAttribute("disabled")})||ja(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fa}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.uniqueSort=n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},v=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},w=n.expr.match.needsContext,x=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,y=/^.[^:#\[\.,]*$/;function z(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(y.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>-1!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(z(this,a||[],!1))},not:function(a){return this.pushStack(z(this,a||[],!0))},is:function(a){return!!z(this,"string"==typeof a&&w.test(a)?n(a):a||[],!1).length}});var A,B=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=n.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||A,"string"==typeof a){if(e="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:B.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),x.test(e[1])&&n.isPlainObject(b))for(e in b)n.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}if(f=d.getElementById(e[2]),f&&f.parentNode){if(f.id!==e[2])return A.find(a);this.length=1,this[0]=f}return this.context=d,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof c.ready?c.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};C.prototype=n.fn,A=n(d);var D=/^(?:parents|prev(?:Until|All))/,E={children:!0,contents:!0,next:!0,prev:!0};n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=w.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.uniqueSort(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function F(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return u(a,"parentNode")},parentsUntil:function(a,b,c){return u(a,"parentNode",c)},next:function(a){return F(a,"nextSibling")},prev:function(a){return F(a,"previousSibling")},nextAll:function(a){return u(a,"nextSibling")},prevAll:function(a){return u(a,"previousSibling")},nextUntil:function(a,b,c){return u(a,"nextSibling",c)},prevUntil:function(a,b,c){return u(a,"previousSibling",c)},siblings:function(a){return v((a.parentNode||{}).firstChild,a)},children:function(a){return v(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(E[a]||(e=n.uniqueSort(e)),D.test(a)&&(e=e.reverse())),this.pushStack(e)}});var G=/\S+/g;function H(a){var b={};return n.each(a.match(G)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?H(a):n.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){n.each(b,function(b,c){n.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==n.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return n.each(arguments,function(a,b){var c;while((c=n.inArray(b,f,c))>-1)f.splice(c,1),h>=c&&h--}),this},has:function(a){return a?n.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=!0,c||j.disable(),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().progress(c.notify).done(c.resolve).fail(c.reject):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=e.call(arguments),d=c.length,f=1!==d||a&&n.isFunction(a.promise)?d:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?e.call(arguments):d,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(d>1)for(i=new Array(d),j=new Array(d),k=new Array(d);d>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().progress(h(b,j,i)).done(h(b,k,c)).fail(g.reject):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(d,[n]),n.fn.triggerHandler&&(n(d).triggerHandler("ready"),n(d).off("ready"))))}});function J(){d.addEventListener?(d.removeEventListener("DOMContentLoaded",K),a.removeEventListener("load",K)):(d.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(d.addEventListener||"load"===a.event.type||"complete"===d.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll)a.setTimeout(n.ready);else if(d.addEventListener)d.addEventListener("DOMContentLoaded",K),a.addEventListener("load",K);else{d.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&d.documentElement}catch(e){}c&&c.doScroll&&!function f(){if(!n.isReady){try{c.doScroll("left")}catch(b){return a.setTimeout(f,50)}J(),n.ready()}}()}return I.promise(b)},n.ready.promise();var L;for(L in n(l))break;l.ownFirst="0"===L,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c,e;c=d.getElementsByTagName("body")[0],c&&c.style&&(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",l.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(e))}),function(){var a=d.createElement("div");l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}a=null}();var M=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b},N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0; >}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(M(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),"object"!=typeof b&&"function"!=typeof b||(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f}}function S(a,b,c){if(M(a)){var d,e,f=a.nodeType,g=f?n.cache:a,h=f?a[n.expando]:n.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){n.isArray(b)?b=b.concat(n.map(b,n.camelCase)):b in d?b=[b]:(b=n.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!Q(d):!n.isEmptyObject(d))return}(c||(delete g[h].data,Q(g[h])))&&(f?n.cleanData([a],!0):l.deleteExpando||g!=g.window?delete g[h]:g[h]=void 0)}}}n.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?n.cache[a[n.expando]]:a[n.expando],!!a&&!Q(a)},data:function(a,b,c){return R(a,b,c)},removeData:function(a,b){return S(a,b)},_data:function(a,b,c){return R(a,b,c,!0)},_removeData:function(a,b){return S(a,b,!0)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=n.data(f),1===f.nodeType&&!n._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));n._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){n.data(this,a)}):arguments.length>1?this.each(function(){n.data(this,a,b)}):f?P(f,a,n.data(f,a)):void 0},removeData:function(a){return this.each(function(){n.removeData(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=n._data(a,b),c&&(!d||n.isArray(c)?d=n._data(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return n._data(a,c)||n._data(a,c,{empty:n.Callbacks("once memory").add(function(){n._removeData(a,b+"queue"),n._removeData(a,c)})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=n._data(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}}),function(){var a;l.shrinkWrapBlocks=function(){if(null!=a)return a;a=!1;var b,c,e;return c=d.getElementsByTagName("body")[0],c&&c.style?(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:1px;width:1px;zoom:1",b.appendChild(d.createElement("div")).style.width="5px",a=3!==b.offsetWidth),c.removeChild(e),a):void 0}}();var T=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,U=new RegExp("^(?:([+-])=|)("+T+")([a-z%]*)$","i"),V=["Top","Right","Bottom","Left"],W=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)};function X(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return n.css(a,b,"")},i=h(),j=c&&c[3]||(n.cssNumber[b]?"":"px"),k=(n.cssNumber[b]||"px"!==j&&+i)&&U.exec(n.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,n.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var Y=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)Y(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},Z=/^(?:checkbox|radio)$/i,$=/<([\w:-]+)/,_=/^$|\/(?:java|ecma)script/i,aa=/^\s+/,ba="abbr|article|aside|audio|bdi|canvas|data|datalist|details|dialog|figcaption|figure|footer|header|hgroup|main|mark|meter|nav|output|picture|progress|section|summary|template|time|video";function ca(a){var b=ba.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}!function(){var a=d.createElement("div"),b=d.createDocumentFragment(),c=d.createElement("input");a.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",l.leadingWhitespace=3===a.firstChild.nodeType,l.tbody=!a.getElementsByTagName("tbody").length,l.htmlSerialize=!!a.getElementsByTagName("link").length,l.html5Clone="<:nav></:nav>"!==d.createElement("nav").cloneNode(!0).outerHTML,c.type="checkbox",c.checked=!0,b.appendChild(c),l.appendChecked=c.checked,a.innerHTML="<textarea>x</textarea>",l.noCloneChecked=!!a.cloneNode(!0).lastChild.defaultValue,b.appendChild(a),c=d.createElement("input"),c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),a.appendChild(c),l.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,l.noCloneEvent=!!a.addEventListener,a[n.expando]=1,l.attributes=!a.getAttribute(n.expando)}();var da={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:l.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]};da.optgroup=da.option,da.tbody=da.tfoot=da.colgroup=da.caption=da.thead,da.th=da.td;function ea(a,b){var c,d,e=0,f="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||n.nodeName(d,b)?f.push(d):n.merge(f,ea(d,b));return void 0===b||b&&n.nodeName(a,b)?n.merge([a],f):f}function fa(a,b){for(var c,d=0;null!=(c=a[d]);d++)n._data(c,"globalEval",!b||n._data(b[d],"globalEval"))}var ga=/<|&#?\w+;/,ha=/<tbody/i;function ia(a){Z.test(a.type)&&(a.defaultChecked=a.checked)}function ja(a,b,c,d,e){for(var f,g,h,i,j,k,m,o=a.length,p=ca(b),q=[],r=0;o>r;r++)if(g=a[r],g||0===g)if("object"===n.type(g))n.merge(q,g.nodeType?[g]:g);else if(ga.test(g)){i=i||p.appendChild(b.createElement("div")),j=($.exec(g)||["",""])[1].toLowerCase(),m=da[j]||da._default,i.innerHTML=m[1]+n.htmlPrefilter(g)+m[2],f=m[0];while(f--)i=i.lastChild;if(!l.leadingWhitespace&&aa.test(g)&&q.push(b.createTextNode(aa.exec(g)[0])),!l.tbody){g="table"!==j||ha.test(g)?"<table>"!==m[1]||ha.test(g)?0:i:i.firstChild,f=g&&g.childNodes.length;while(f--)n.nodeName(k=g.childNodes[f],"tbody")&&!k.childNodes.length&&g.removeChild(k)}n.merge(q,i.childNodes),i.textContent="";while(i.firstChild)i.removeChild(i.firstChild);i=p.lastChild}else q.push(b.createTextNode(g));i&&p.removeChild(i),l.appendChecked||n.grep(ea(q,"input"),ia),r=0;while(g=q[r++])if(d&&n.inArray(g,d)>-1)e&&e.push(g);else if(h=n.contains(g.ownerDocument,g),i=ea(p.appendChild(g),"script"),h&&fa(i),c){f=0;while(g=i[f++])_.test(g.type||"")&&c.push(g)}return i=null,p}!function(){var b,c,e=d.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(l[b]=c in a)||(e.setAttribute(c,"t"),l[b]=e.attributes[c].expando===!1);e=null}();var ka=/^(?:input|select|textarea)$/i,la=/^key/,ma=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,na=/^(?:focusinfocus|focusoutblur)$/,oa=/^([^.]*)(?:\.(.+)|)/;function pa(){return!0}function qa(){return!1}function ra(){try{return d.activeElement}catch(a){}}function sa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)sa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=qa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return n().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=n.guid++)),a.each(function(){n.event.add(this,b,e,d,c)})}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=n.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return"undefined"==typeof n||a&&n.event.triggered===a.type?void 0:n.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(G)||[""],h=b.length;while(h--)f=oa.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=n.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=n.event.special[o]||{},l=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},i),(m=g[o])||(m=g[o]=[],m.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,l):m.push(l),n.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n.hasData(a)&&n._data(a);if(r&&(k=r.events)){b=(b||"").match(G)||[""],j=b.length;while(j--)if(h=oa.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=m.length;while(f--)g=m[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(m.splice(f,1),g.selector&&m.delegateCount--,l.remove&&l.remove.call(a,g));i&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(k)&&(delete r.handle,n._removeData(a,"events"))}},trigger:function(b,c,e,f){var g,h,i,j,l,m,o,p=[e||d],q=k.call(b,"type")?b.type:b,r=k.call(b,"namespace")?b.namespace.split("."):[];if(i=m=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!na.test(q+n.event.triggered)&&(q.indexOf(".")>-1&&(r=q.split("."),q=r.shift(),r.sort()),h=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=r.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:n.makeArray(c,[b]),l=n.event.special[q]||{},f||!l.trigger||l.trigger.apply(e,c)!==!1)){if(!f&&!l.noBubble&&!n.isWindow(e)){for(j=l.delegateType||q,na.test(j+q)||(i=i.parentNode);i;i=i.parentNode)p.push(i),m=i;m===(e.ownerDocument||d)&&p.push(m.defaultView||m.parentWindow||a)}o=0;while((i=p[o++])&&!b.isPropagationStopped())b.type=o>1?j:l.bindType||q,g=(n._data(i,"events")||{})[b.type]&&n._data(i,"handle"),g&&g.apply(i,c),g=h&&i[h],g&&g.apply&&M(i)&&(b.result=g.apply(i,c),b.result===!1&&b.preventDefault());if(b.type=q,!f&&!b.isDefaultPrevented()&&(!l._default||l._default.apply(p.pop(),c)===!1)&&M(e)&&h&&e[q]&&!n.isWindow(e)){m=e[h],m&&(e[h]=null),n.event.triggered=q;try{e[q]()}catch(s){}n.event.triggered=void 0,m&&(e[h]=m)}return b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,d,f,g,h=[],i=e.call(arguments),j=(n._data(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())a.rnamespace&&!a.rnamespace.test(g.namespace)||(a.handleObj=g,a.data=g.data,d=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==d&&(a.result=d)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>-1:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},fix:function(a){if(a[n.expando])return a;var b,c,e,f=a.type,g=a,h=this.fixHooks[f];h||(this.fixHooks[f]=h=ma.test(f)?this.mouseHooks:la.test(f)?this.keyHooks:{}),e=h.props?this.props.concat(h.props):this.props,a=new n.Event(g),b=e.length;while(b--)c=e[b],a[c]=g[c];return a.target||(a.target=g.srcElement||d),3===a.target.nodeType&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,h.filter?h.filter(a,g):a},props:"altKey bubbles cancelable ctrlKey currentTarget detail eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,e,f,g=b.button,h=b.fromElement;return null==a.pageX&&null!=b.clientX&&(e=a.target.ownerDocument||d,f=e.documentElement,c=e.body,a.pageX=b.clientX+(f&&f.scrollLeft||c&&c.scrollLeft||0)-(f&&f.clientLeft||c&&c.clientLeft||0),a.pageY=b.clientY+(f&&f.scrollTop||c&&c.scrollTop||0)-(f&&f.clientTop||c&&c.clientTop||0)),!a.relatedTarget&&h&&(a.relatedTarget=h===a.target?b.toElement:h),a.which||void 0===g||(a.which=1&g?1:2&g?3:4&g?2:0),a}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==ra()&&this.focus)try{return this.focus(),!1}catch(a){}},delegateType:"focusin"},blur:{trigger:function(){return this===ra()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return n.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c){var d=n.extend(new n.Event,c,{type:a,isSimulated:!0});n.event.trigger(d,null,b),d.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=d.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)}:function(a,b,c){var d="on"+b;a.detachEvent&&("undefined"==typeof a[d]&&(a[d]=null),a.detachEvent(d,c))},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?pa:qa):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={constructor:n.Event,isDefaultPrevented:qa,isPropagationStopped:qa,isImmediatePropagationStopped:qa,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=pa,a&&(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=pa,a&&!this.isSimulated&&(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=pa,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||n.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),l.submit||(n.event.special.submit={setup:function(){return n.nodeName(this,"form")?!1:void n.event.add(this,"click._submit keypress._submit",function(a){var b=a.target,c=n.nodeName(b,"input")||n.nodeName(b,"button")?n.prop(b,"form"):void 0;c&&!n._data(c,"submit")&&(n.event.add(c,"submit._submit",function(a){a._submitBubble=!0}),n._data(c,"submit",!0))})},postDispatch:function(a){a._submitBubble&&(delete a._submitBubble,this.parentNode&&!a.isTrigger&&n.event.simulate("submit",this.parentNode,a))},teardown:function(){return n.nodeName(this,"form")?!1:void n.event.remove(this,"._submit")}}),l.change||(n.event.special.change={setup:function(){return ka.test(this.nodeName)?("checkbox"!==this.type&&"radio"!==this.type||(n.event.add(this,"propertychange._change",function(a){"checked"===a.originalEvent.propertyName&&(this._justChanged=!0)}),n.event.add(this,"click._change",function(a){this._justChanged&&!a.isTrigger&&(this._justChanged=!1),n.event.simulate("change",this,a)})),!1):void n.event.add(this,"beforeactivate._change",function(a){var b=a.target;ka.test(b.nodeName)&&!n._data(b,"change")&&(n.event.add(b,"change._change",function(a){!this.parentNode||a.isSimulated||a.isTrigger||n.event.simulate("change",this.parentNode,a)}),n._data(b,"change",!0))})},handle:function(a){var b=a.target;return this!==b||a.isSimulated||a.isTrigger||"radio"!==b.type&&"checkbox"!==b.type?a.handleObj.handler.apply(this,arguments):void 0},teardown:function(){return n.event.remove(this,"._change"),!ka.test(this.nodeName)}}),l.focusin||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a))};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=n._data(d,b);e||d.addEventListener(a,c,!0),n._data(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=n._data(d,b)-1;e?n._data(d,b,e):(d.removeEventListener(a,c,!0),n._removeData(d,b))}}}),n.fn.extend({on:function(a,b,c,d){return sa(this,a,b,c,d)},one:function(a,b,c,d){return sa(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=qa),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var ta=/ jQuery\d+="(?:null|\d+)"/g,ua=new RegExp("<(?:"+ba+")[\\s/>]","i"),va=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,wa=/<script|<style|<link/i,xa=/checked\s*(?:[^=]|=\s*.checked.)/i,ya=/^true\/(.*)/,za=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,Aa=ca(d),Ba=Aa.appendChild(d.createElement("div"));function Ca(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function Da(a){return a.type=(null!==n.find.attr(a,"type"))+"/"+a.type,a}function Ea(a){var b=ya.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Fa(a,b){if(1===b.nodeType&&n.hasData(a)){var c,d,e,f=n._data(a),g=n._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)n.event.add(b,c,h[c][d])}g.data&&(g.data=n.extend({},g.data))}}function Ga(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!l.noCloneEvent&&b[n.expando]){e=n._data(b);for(d in e.events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}}function Ha(a,b,c,d){b=f.apply([],b);var e,g,h,i,j,k,m=0,o=a.length,p=o-1,q=b[0],r=n.isFunction(q);if(r||o>1&&"string"==typeof q&&!l.checkClone&&xa.test(q))return a.each(function(e){var f=a.eq(e);r&&(b[0]=q.call(this,e,f.html())),Ha(f,b,c,d)});if(o&&(k=ja(b,a[0].ownerDocument,!1,a,d),e=k.firstChild,1===k.childNodes.length&&(k=e),e||d)){for(i=n.map(ea(k,"script"),Da),h=i.length;o>m;m++)g=k,m!==p&&(g=n.clone(g,!0,!0),h&&n.merge(i,ea(g,"script"))),c.call(a[m],g,m);if(h)for(j=i[i.length-1].ownerDocument,n.map(i,Ea),m=0;h>m;m++)g=i[m],_.test(g.type||"")&&!n._data(g,"globalEval")&&n.contains(j,g)&&(g.src?n._evalUrl&&n._evalUrl(g.src):n.globalEval((g.text||g.textContent||g.innerHTML||"").replace(za,"")));k=e=null}return a}function Ia(a,b,c){for(var d,e=b?n.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||n.cleanData(ea(d)),d.parentNode&&(c&&n.contains(d.ownerDocument,d)&&fa(ea(d,"script")),d.parentNode.removeChild(d));return a}n.extend({htmlPrefilter:function(a){return a.replace(va,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h,i=n.contains(a.ownerDocument,a);if(l.html5Clone||n.isXMLDoc(a)||!ua.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(Ba.innerHTML=a.outerHTML,Ba.removeChild(f=Ba.firstChild)),!(l.noCloneEvent&&l.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(d=ea(f),h=ea(a),g=0;null!=(e=h[g]);++g)d[g]&&Ga(e,d[g]);if(b)if(c)for(h=h||ea(a),d=d||ea(f),g=0;null!=(e=h[g]);g++)Fa(e,d[g]);else Fa(a,f);return d=ea(f,"script"),d.length>0&&fa(d,!i&&ea(a,"script")),d=h=e=null,f},cleanData:function(a,b){for(var d,e,f,g,h=0,i=n.expando,j=n.cache,k=l.attributes,m=n.event.special;null!=(d=a[h]);h++)if((b||M(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)m[e]?n.event.remove(d,e):n.removeEvent(d,e,g.handle);j[f]&&(delete j[f],k||"undefined"==typeof d.removeAttribute?d[i]=void 0:d.removeAttribute(i),c.push(f))}}}),n.fn.extend({domManip:Ha,detach:function(a){return Ia(this,a,!0)},remove:function(a){return Ia(this,a)},text:function(a){return Y(this,function(a){return void 0===a?n.text(this):this.empty().append((this[0]&&this[0].ownerDocument||d).createTextNode(a))},null,a,arguments.length)},append:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.appendChild(a)}})},prepend:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&n.cleanData(ea(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&n.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return Y(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(ta,""):void 0;if("string"==typeof a&&!wa.test(a)&&(l.htmlSerialize||!ua.test(a))&&(l.leadingWhitespace||!aa.test(a))&&!da[($.exec(a)||["",""])[1].toLowerCase()]){a=n.htmlPrefilter(a);try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ea(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ha(this,arguments,function(b){var c=this.parentNode;n.inArray(this,a)<0&&(n.cleanData(ea(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=0,e=[],f=n(a),h=f.length-1;h>=d;d++)c=d===h?this:this.clone(!0),n(f[d])[b](c),g.apply(e,c.get());return this.pushStack(e)}});var Ja,Ka={HTML:"block",BODY:"block"};function La(a,b){var c=n(b.createElement(a)).appendTo(b.body),d=n.css(c[0],"display");return c.detach(),d}function Ma(a){var b=d,c=Ka[a];return c||(c=La(a,b),"none"!==c&&c||(Ja=(Ja||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=(Ja[0].contentWindow||Ja[0].contentDocument).document,b.write(),b.close(),c=La(a,b),Ja.detach()),Ka[a]=c),c}var Na=/^margin/,Oa=new RegExp("^("+T+")(?!px)[a-z%]+$","i"),Pa=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e},Qa=d.documentElement;!function(){var b,c,e,f,g,h,i=d.createElement("div"),j=d.createElement("div");if(j.style){j.style.cssText="float:left;opacity:.5",l.opacity="0.5"===j.style.opacity,l.cssFloat=!!j.style.cssFloat,j.style.backgroundClip="content-box",j.cloneNode(!0).style.backgroundClip="",l.clearCloneStyle="content-box"===j.style.backgroundClip,i=d.createElement("div"),i.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",j.innerHTML="",i.appendChild(j),l.boxSizing=""===j.style.boxSizing||""===j.style.MozBoxSizing||""===j.style.WebkitBoxSizing,n.extend(l,{reliableHiddenOffsets:function(){return null==b&&k(),f},boxSizingReliable:function(){return null==b&&k(),e},pixelMarginRight:function(){return null==b&&k(),c},pixelPosition:function(){return null==b&&k(),b},reliableMarginRight:function(){return null==b&&k(),g},reliableMarginLeft:function(){return null==b&&k(),h}});function k(){var k,l,m=d.documentElement;m.appendChild(i),j.style.cssText="-webkit-box-sizing:border-box;box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",b=e=h=!1,c=g=!0,a.getComputedStyle&&(l=a.getComputedStyle(j),b="1%"!==(l||{}).top,h="2px"===(l||{}).marginLeft,e="4px"===(l||{width:"4px"}).width,j.style.marginRight="50%",c="4px"===(l||{marginRight:"4px"}).marginRight,k=j.appendChild(d.createElement("div")),k.style.cssText=j.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",k.style.marginRight=k.style.width="0",j.style.width="1px",g=!parseFloat((a.getComputedStyle(k)||{}).marginRight),j.removeChild(k)),j.style.display="none",f=0===j.getClientRects().length,f&&(j.style.display="",j.innerHTML="<table><tr><td></td><td>t</td></tr></table>",j.childNodes[0].style.borderCollapse="separate",k=j.getElementsByTagName("td"),k[0].style.cssText="margin:0;border:0;padding:0;display:none",f=0===k[0].offsetHeight,f&&(k[0].style.display="",k[1].style.display="none",f=0===k[0].offsetHeight)),m.removeChild(i)}}}();var Ra,Sa,Ta=/^(top|right|bottom|left)$/;a.getComputedStyle?(Ra=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c.getPropertyValue(b)||c[b]:void 0,""!==g&&void 0!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),c&&!l.pixelMarginRight()&&Oa.test(g)&&Na.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f),void 0===g?g:g+""}):Qa.currentStyle&&(Ra=function(a){return a.currentStyle},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c[b]:void 0,null==g&&h&&h[b]&&(g=h[b]),Oa.test(g)&&!Ta.test(b)&&(d=h.left,e=a.runtimeStyle,f=e&&e.left,f&&(e.left=a.currentStyle.left),h.left="fontSize"===b?"1em":g,g=h.pixelLeft+"px",h.left=d,f&&(e.left=f)),void 0===g?g:g+""||"auto"});function Ua(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Va=/alpha\([^)]*\)/i,Wa=/opacity\s*=\s*([^)]*)/i,Xa=/^(none|table(?!-c[ea]).+)/,Ya=new RegExp("^("+T+")(.*)$","i"),Za={position:"absolute",visibility:"hidden",display:"block"},$a={letterSpacing:"0",fontWeight:"400"},_a=["Webkit","O","Moz","ms"],ab=d.createElement("div").style;function bb(a){if(a in ab)return a;var b=a.charAt(0).toUpperCase()+a.slice(1),c=_a.length;while(c--)if(a=_a[c]+b,a in ab)return a}function cb(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=n._data(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&W(d)&&(f[g]=n._data(d,"olddisplay",Ma(d.nodeName)))):(e=W(d),(c&&"none"!==c||!e)&&n._data(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}function db(a,b,c){var d=Ya.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function eb(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+V[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+V[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+V[f]+"Width",!0,e))):(g+=n.css(a,"padding"+V[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+V[f]+"Width",!0,e)));return g}function fb(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=Ra(a),g=l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=Sa(a,b,f),(0>e||null==e)&&(e=a.style[b]),Oa.test(e))return e;d=g&&(l.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+eb(a,b,c||(g?"border":"content"),d,f)+"px"}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Sa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":l.cssFloat?"cssFloat":"styleFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;if(b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],void 0===c)return g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b];if(f=typeof c,"string"===f&&(e=U.exec(c))&&e[1]&&(c=X(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(n.cssNumber[h]?"":"px")),l.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),!(g&&"set"in g&&void 0===(c=g.set(a,c,d)))))try{i[b]=c}catch(j){}}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(f=g.get(a,!0,c)),void 0===f&&(f=Sa(a,b,d)),"normal"===f&&b in $a&&(f=$a[b]),""===c||c?(e=parseFloat(f),c===!0||isFinite(e)?e||0:f):f}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?Xa.test(n.css(a,"display"))&&0===a.offsetWidth?Pa(a,Za,function(){return fb(a,b,d)}):fb(a,b,d):void 0},set:function(a,c,d){var e=d&&Ra(a);return db(a,c,d?eb(a,b,d,l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),l.opacity||(n.cssHooks.opacity={get:function(a,b){return Wa.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=n.isNumeric(b)?"alpha(opacity="+100*b+")":"",f=d&&d.filter||c.filter||"";c.zoom=1,(b>=1||""===b)&&""===n.trim(f.replace(Va,""))&&c.removeAttribute&&(c.removeAttribute("filter"),""===b||d&&!d.filter)||(c.filter=Va.test(f)?f.replace(Va,e):f+" "+e)}}),n.cssHooks.marginRight=Ua(l.reliableMarginRight,function(a,b){return b?Pa(a,{display:"inline-block"},Sa,[a,"marginRight"]):void 0}),n.cssHooks.marginLeft=Ua(l.reliableMarginLeft,function(a,b){return b?(parseFloat(Sa(a,"marginLeft"))||(n.contains(a.ownerDocument,a)?a.getBoundingClientRect().left-Pa(a,{ >marginLeft:0},function(){return a.getBoundingClientRect().left}):0))+"px":void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+V[d]+b]=f[d]||f[d-2]||f[0];return e}},Na.test(a)||(n.cssHooks[a+b].set=db)}),n.fn.extend({css:function(a,b){return Y(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=Ra(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return cb(this,!0)},hide:function(){return cb(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){W(this)?n(this).show():n(this).hide()})}});function gb(a,b,c,d,e){return new gb.prototype.init(a,b,c,d,e)}n.Tween=gb,gb.prototype={constructor:gb,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||n.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=gb.propHooks[this.prop];return a&&a.get?a.get(this):gb.propHooks._default.get(this)},run:function(a){var b,c=gb.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):gb.propHooks._default.set(this),this}},gb.prototype.init.prototype=gb.prototype,gb.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[n.cssProps[a.prop]]&&!n.cssHooks[a.prop]?a.elem[a.prop]=a.now:n.style(a.elem,a.prop,a.now+a.unit)}}},gb.propHooks.scrollTop=gb.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=gb.prototype.init,n.fx.step={};var hb,ib,jb=/^(?:toggle|show|hide)$/,kb=/queueHooks$/;function lb(){return a.setTimeout(function(){hb=void 0}),hb=n.now()}function mb(a,b){var c,d={height:a},e=0;for(b=b?1:0;4>e;e+=2-b)c=V[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function nb(a,b,c){for(var d,e=(qb.tweeners[b]||[]).concat(qb.tweeners["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function ob(a,b,c){var d,e,f,g,h,i,j,k,m=this,o={},p=a.style,q=a.nodeType&&W(a),r=n._data(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,m.always(function(){m.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[p.overflow,p.overflowX,p.overflowY],j=n.css(a,"display"),k="none"===j?n._data(a,"olddisplay")||Ma(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(l.inlineBlockNeedsLayout&&"inline"!==Ma(a.nodeName)?p.zoom=1:p.display="inline-block")),c.overflow&&(p.overflow="hidden",l.shrinkWrapBlocks()||m.always(function(){p.overflow=c.overflow[0],p.overflowX=c.overflow[1],p.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],jb.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(q?"hide":"show")){if("show"!==e||!r||void 0===r[d])continue;q=!0}o[d]=r&&r[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(o))"inline"===("none"===j?Ma(a.nodeName):j)&&(p.display=j);else{r?"hidden"in r&&(q=r.hidden):r=n._data(a,"fxshow",{}),f&&(r.hidden=!q),q?n(a).show():m.done(function(){n(a).hide()}),m.done(function(){var b;n._removeData(a,"fxshow");for(b in o)n.style(a,b,o[b])});for(d in o)g=nb(q?r[d]:0,d,m),d in r||(r[d]=g.start,q&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function pb(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function qb(a,b,c){var d,e,f=0,g=qb.prefilters.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=hb||lb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{},easing:n.easing._default},c),originalProperties:b,originalOptions:c,startTime:hb||lb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(pb(k,j.opts.specialEasing);g>f;f++)if(d=qb.prefilters[f].call(j,a,k,j.opts))return n.isFunction(d.stop)&&(n._queueHooks(j.elem,j.opts.queue).stop=n.proxy(d.stop,d)),d;return n.map(k,nb,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(qb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return X(c.elem,a,U.exec(b),c),c}]},tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.match(G);for(var c,d=0,e=a.length;e>d;d++)c=a[d],qb.tweeners[c]=qb.tweeners[c]||[],qb.tweeners[c].unshift(b)},prefilters:[ob],prefilter:function(a,b){b?qb.prefilters.unshift(a):qb.prefilters.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(W).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=qb(this,n.extend({},a),f);(e||n._data(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=n._data(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&kb.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=n._data(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(mb(b,!0),a,d,e)}}),n.each({slideDown:mb("show"),slideUp:mb("hide"),slideToggle:mb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=n.timers,c=0;for(hb=n.now();c<b.length;c++)a=b[c],a()||b[c]!==a||b.splice(c--,1);b.length||n.fx.stop(),hb=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){ib||(ib=a.setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){a.clearInterval(ib),ib=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(b,c){return b=n.fx?n.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a,b=d.createElement("input"),c=d.createElement("div"),e=d.createElement("select"),f=e.appendChild(d.createElement("option"));c=d.createElement("div"),c.setAttribute("className","t"),c.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",a=c.getElementsByTagName("a")[0],b.setAttribute("type","checkbox"),c.appendChild(b),a=c.getElementsByTagName("a")[0],a.style.cssText="top:1px",l.getSetAttribute="t"!==c.className,l.style=/top/.test(a.getAttribute("style")),l.hrefNormalized="/a"===a.getAttribute("href"),l.checkOn=!!b.value,l.optSelected=f.selected,l.enctype=!!d.createElement("form").enctype,e.disabled=!0,l.optDisabled=!f.disabled,b=d.createElement("input"),b.setAttribute("value",""),l.input=""===b.getAttribute("value"),b.value="t",b.setAttribute("type","radio"),l.radioValue="t"===b.value}();var rb=/\r/g,sb=/[\x20\t\r\n\f]+/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a)).replace(sb," ")}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],(c.selected||i===e)&&(l.optDisabled?!c.disabled:null===c.getAttribute("disabled"))&&(!c.parentNode.disabled||!n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)if(d=e[g],n.inArray(n.valHooks.option.get(d),f)>-1)try{d.selected=c=!0}catch(h){d.scrollHeight}else d.selected=!1;return c||(a.selectedIndex=-1),e}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>-1:void 0}},l.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var tb,ub,vb=n.expr.attrHandle,wb=/^(?:checked|selected)$/i,xb=l.getSetAttribute,yb=l.input;n.fn.extend({attr:function(a,b){return Y(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),e=n.attrHooks[b]||(n.expr.match.bool.test(b)?ub:tb)),void 0!==c?null===c?void n.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=n.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!l.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(G);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)?yb&&xb||!wb.test(c)?a[d]=!1:a[n.camelCase("default-"+c)]=a[d]=!1:n.attr(a,c,""),a.removeAttribute(xb?c:d)}}),ub={set:function(a,b,c){return b===!1?n.removeAttr(a,c):yb&&xb||!wb.test(c)?a.setAttribute(!xb&&n.propFix[c]||c,c):a[n.camelCase("default-"+c)]=a[c]=!0,c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=vb[b]||n.find.attr;yb&&xb||!wb.test(b)?vb[b]=function(a,b,d){var e,f;return d||(f=vb[b],vb[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,vb[b]=f),e}:vb[b]=function(a,b,c){return c?void 0:a[n.camelCase("default-"+b)]?b.toLowerCase():null}}),yb&&xb||(n.attrHooks.value={set:function(a,b,c){return n.nodeName(a,"input")?void(a.defaultValue=b):tb&&tb.set(a,b,c)}}),xb||(tb={set:function(a,b,c){var d=a.getAttributeNode(c);return d||a.setAttributeNode(d=a.ownerDocument.createAttribute(c)),d.value=b+="","value"===c||b===a.getAttribute(c)?b:void 0}},vb.id=vb.name=vb.coords=function(a,b,c){var d;return c?void 0:(d=a.getAttributeNode(b))&&""!==d.value?d.value:null},n.valHooks.button={get:function(a,b){var c=a.getAttributeNode(b);return c&&c.specified?c.value:void 0},set:tb.set},n.attrHooks.contenteditable={set:function(a,b,c){tb.set(a,""===b?!1:b,c)}},n.each(["width","height"],function(a,b){n.attrHooks[b]={set:function(a,c){return""===c?(a.setAttribute(b,"auto"),c):void 0}}})),l.style||(n.attrHooks.style={get:function(a){return a.style.cssText||void 0},set:function(a,b){return a.style.cssText=b+""}});var zb=/^(?:input|select|textarea|button|object)$/i,Ab=/^(?:a|area)$/i;n.fn.extend({prop:function(a,b){return Y(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return a=n.propFix[a]||a,this.each(function(){try{this[a]=void 0,delete this[a]}catch(b){}})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=n.find.attr(a,"tabindex");return b?parseInt(b,10):zb.test(a.nodeName)||Ab.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),l.hrefNormalized||n.each(["href","src"],function(a,b){n.propHooks[b]={get:function(a){return a.getAttribute(b,4)}}}),l.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this}),l.enctype||(n.propFix.enctype="encoding");var Bb=/[\t\r\n\f]/g;function Cb(a){return n.attr(a,"class")||""}n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,Cb(this)))});if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,Cb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):n.isFunction(a)?this.each(function(c){n(this).toggleClass(a.call(this,c,Cb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=n(this),f=a.match(G)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=Cb(this),b&&n._data(this,"__className__",b),n.attr(this,"class",b||a===!1?"":n._data(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+Cb(c)+" ").replace(Bb," ").indexOf(b)>-1)return!0;return!1}}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var Db=a.location,Eb=n.now(),Fb=/\?/,Gb=/(,)|(\[|{)|(}|])|"(?:[^"\\\r\n]|\\["\\\/bfnrt]|\\u[\da-fA-F]{4})*"\s*:?|true|false|null|-?(?!0\d)\d+(?:\.\d+|)(?:[eE][+-]?\d+|)/g;n.parseJSON=function(b){if(a.JSON&&a.JSON.parse)return a.JSON.parse(b+"");var c,d=null,e=n.trim(b+"");return e&&!n.trim(e.replace(Gb,function(a,b,e,f){return c&&b&&(d=0),0===d?a:(c=e||b,d+=!f-!e,"")}))?Function("return "+e)():n.error("Invalid JSON: "+b)},n.parseXML=function(b){var c,d;if(!b||"string"!=typeof b)return null;try{a.DOMParser?(d=new a.DOMParser,c=d.parseFromString(b,"text/xml")):(c=new a.ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b))}catch(e){c=void 0}return c&&c.documentElement&&!c.getElementsByTagName("parsererror").length||n.error("Invalid XML: "+b),c};var Hb=/#.*$/,Ib=/([?&])_=[^&]*/,Jb=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Kb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Lb=/^(?:GET|HEAD)$/,Mb=/^\/\//,Nb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,Ob={},Pb={},Qb="*/".concat("*"),Rb=Db.href,Sb=Nb.exec(Rb.toLowerCase())||[];function Tb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(G)||[];if(n.isFunction(c))while(d=f[e++])"+"===d.charAt(0)?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Ub(a,b,c,d){var e={},f=a===Pb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Vb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(d in b)void 0!==b[d]&&((e[d]?a:c||(c={}))[d]=b[d]);return c&&n.extend(!0,a,c),a}function Wb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType||b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]||a.converters[g+" "+i[0]]){f=g;break}d||(d=g)}f=f||d}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function Xb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Rb,type:"GET",isLocal:Kb.test(Sb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Qb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Vb(Vb(a,n.ajaxSettings),b):Vb(n.ajaxSettings,a)},ajaxPrefilter:Tb(Ob),ajaxTransport:Tb(Pb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var d,e,f,g,h,i,j,k,l=n.ajaxSetup({},c),m=l.context||l,o=l.context&&(m.nodeType||m.jquery)?n(m):n.event,p=n.Deferred(),q=n.Callbacks("once memory"),r=l.statusCode||{},s={},t={},u=0,v="canceled",w={readyState:0,getResponseHeader:function(a){var b;if(2===u){if(!k){k={};while(b=Jb.exec(g))k[b[1].toLowerCase()]=b[2]}b=k[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===u?g:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return u||(a=t[c]=t[c]||a,s[a]=b),this},overrideMimeType:function(a){return u||(l.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>u)for(b in a)r[b]=[r[b],a[b]];else w.always(a[w.status]);return this},abort:function(a){var b=a||v;return j&&j.abort(b),y(0,b),this}};if(p.promise(w).complete=q.add,w.success=w.done,w.error=w.fail,l.url=((b||l.url||Rb)+"").replace(Hb,"").replace(Mb,Sb[1]+"//"),l.type=c.method||c.type||l.method||l.type,l.dataTypes=n.trim(l.dataType||"*").toLowerCase().match(G)||[""],null==l.crossDomain&&(d=Nb.exec(l.url.toLowerCase()),l.crossDomain=!(!d||d[1]===Sb[1]&&d[2]===Sb[2]&&(d[3]||("http:"===d[1]?"80":"443"))===(Sb[3]||("http:"===Sb[1]?"80":"443")))),l.data&&l.processData&&"string"!=typeof l.data&&(l.data=n.param(l.data,l.traditional)),Ub(Ob,l,c,w),2===u)return w;i=n.event&&l.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),l.type=l.type.toUpperCase(),l.hasContent=!Lb.test(l.type),f=l.url,l.hasContent||(l.data&&(f=l.url+=(Fb.test(f)?"&":"?")+l.data,delete l.data),l.cache===!1&&(l.url=Ib.test(f)?f.replace(Ib,"$1_="+Eb++):f+(Fb.test(f)?"&":"?")+"_="+Eb++)),l.ifModified&&(n.lastModified[f]&&w.setRequestHeader("If-Modified-Since",n.lastModified[f]),n.etag[f]&&w.setRequestHeader("If-None-Match",n.etag[f])),(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&w.setRequestHeader("Content-Type",l.contentType),w.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+("*"!==l.dataTypes[0]?", "+Qb+"; q=0.01":""):l.accepts["*"]);for(e in l.headers)w.setRequestHeader(e,l.headers[e]);if(l.beforeSend&&(l.beforeSend.call(m,w,l)===!1||2===u))return w.abort();v="abort";for(e in{success:1,error:1,complete:1})w[e](l[e]);if(j=Ub(Pb,l,c,w)){if(w.readyState=1,i&&o.trigger("ajaxSend",[w,l]),2===u)return w;l.async&&l.timeout>0&&(h=a.setTimeout(function(){w.abort("timeout")},l.timeout));try{u=1,j.send(s,y)}catch(x){if(!(2>u))throw x;y(-1,x)}}else y(-1,"No Transport");function y(b,c,d,e){var k,s,t,v,x,y=c;2!==u&&(u=2,h&&a.clearTimeout(h),j=void 0,g=e||"",w.readyState=b>0?4:0,k=b>=200&&300>b||304===b,d&&(v=Wb(l,w,d)),v=Xb(l,v,w,k),k?(l.ifModified&&(x=w.getResponseHeader("Last-Modified"),x&&(n.lastModified[f]=x),x=w.getResponseHeader("etag"),x&&(n.etag[f]=x)),204===b||"HEAD"===l.type?y="nocontent":304===b?y="notmodified":(y=v.state,s=v.data,t=v.error,k=!t)):(t=y,!b&&y||(y="error",0>b&&(b=0))),w.status=b,w.statusText=(c||y)+"",k?p.resolveWith(m,[s,y,w]):p.rejectWith(m,[w,y,t]),w.statusCode(r),r=void 0,i&&o.trigger(k?"ajaxSuccess":"ajaxError",[w,l,k?s:t]),q.fireWith(m,[w,y]),i&&(o.trigger("ajaxComplete",[w,l]),--n.active||n.event.trigger("ajaxStop")))}return w},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax(n.extend({url:a,type:b,dataType:e,data:c,success:d},n.isPlainObject(a)&&a))}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){if(n.isFunction(a))return this.each(function(b){n(this).wrapAll(a.call(this,b))});if(this[0]){var b=n(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&1===a.firstChild.nodeType)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return n.isFunction(a)?this.each(function(b){n(this).wrapInner(a.call(this,b))}):this.each(function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}});function Yb(a){return a.style&&a.style.display||n.css(a,"display")}function Zb(a){if(!n.contains(a.ownerDocument||d,a))return!0;while(a&&1===a.nodeType){if("none"===Yb(a)||"hidden"===a.type)return!0;a=a.parentNode}return!1}n.expr.filters.hidden=function(a){return l.reliableHiddenOffsets()?a.offsetWidth<=0&&a.offsetHeight<=0&&!a.getClientRects().length:Zb(a)},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var $b=/%20/g,_b=/\[\]$/,ac=/\r?\n/g,bc=/^(?:submit|button|image|reset|file)$/i,cc=/^(?:input|select|textarea|keygen)/i;function dc(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||_b.test(a)?d(a,e):dc(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)dc(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)dc(c,a[c],b,e);return d.join("&").replace($b,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&cc.test(this.nodeName)&&!bc.test(a)&&(this.checked||!Z.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(ac,"\r\n")}}):{name:b.name,value:c.replace(ac,"\r\n")}}).get()}}),n.ajaxSettings.xhr=void 0!==a.ActiveXObject?function(){return this.isLocal?ic():d.documentMode>8?hc():/^(get|post|head|put|delete|options)$/i.test(this.type)&&hc()||ic()}:hc;var ec=0,fc={},gc=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in fc)fc[a](void 0,!0)}),l.cors=!!gc&&"withCredentials"in gc,gc=l.ajax=!!gc,gc&&n.ajaxTransport(function(b){if(!b.crossDomain||l.cors){var c;return{send:function(d,e){var f,g=b.xhr(),h=++ec;if(g.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(f in b.xhrFields)g[f]=b.xhrFields[f];b.mimeType&&g.overrideMimeType&&g.overrideMimeType(b.mimeType),b.crossDomain||d["X-Requested-With"]||(d["X-Requested-With"]="XMLHttpRequest");for(f in d)void 0!==d[f]&&g.setRequestHeader(f,d[f]+"");g.send(b.hasContent&&b.data||null),c=function(a,d){var f,i,j;if(c&&(d||4===g.readyState))if(delete fc[h],c=void 0,g.onreadystatechange=n.noop,d)4!==g.readyState&&g.abort();else{j={},f=g.status,"string"==typeof g.responseText&&(j.text=g.responseText);try{i=g.statusText}catch(k){i=""}f||!b.isLocal||b.crossDomain?1223===f&&(f=204):f=j.text?200:404}j&&e(f,i,j,g.getAllResponseHeaders())},b.async?4===g.readyState?a.setTimeout(c):g.onreadystatechange=fc[h]=c:c()},abort:function(){c&&c(void 0,!0)}}}});function hc(){try{return new a.XMLHttpRequest}catch(b){}}function ic(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c=d.head||n("head")[0]||d.documentElement;return{send:function(e,f){b=d.createElement("script"),b.async=!0,a.scriptCharset&&(b.charset=a.scriptCharset),b.src=a.url,b.onload=b.onreadystatechange=function(a,c){(c||!b.readyState||/loaded|complete/.test(b.readyState))&&(b.onload=b.onreadystatechange=null,b.parentNode&&b.parentNode.removeChild(b),b=null,c||f(200,"success"))},c.insertBefore(b,c.firstChild)},abort:function(){b&&b.onload(void 0,!0)}}}});var jc=[],kc=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=jc.pop()||n.expando+"_"+Eb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(kc.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&kc.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(kc,"$1"+e):b.jsonp!==!1&&(b.url+=(Fb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?n(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,jc.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||d;var e=x.exec(a),f=!c&&[];return e?[b.createElement(e[1])]:(e=ja([a],b,f),f&&f.length&&n(f).remove(),n.merge([],e.childNodes))};var lc=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&lc)return lc.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h,a.length)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};function mc(a){return n.isWindow(a)?a:9===a.nodeType?a.defaultView||a.parentWindow:!1}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&n.inArray("auto",[f,i])>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,n.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d={top:0,left:0},e=this[0],f=e&&e.ownerDocument;if(f)return b=f.documentElement,n.contains(b,e)?("undefined"!=typeof e.getBoundingClientRect&&(d=e.getBoundingClientRect()),c=mc(f),{top:d.top+(c.pageYOffset||b.scrollTop)-(b.clientTop||0),left:d.left+(c.pageXOffset||b.scrollLeft)-(b.clientLeft||0)}):d},position:function(){if(this[0]){var a,b,c={top:0,left:0},d=this[0];return"fixed"===n.css(d,"position")?b=d.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(c=a.offset()),c.top+=n.css(a[0],"borderTopWidth",!0),c.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-c.top-n.css(d,"marginTop",!0),left:b.left-c.left-n.css(d,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Qa})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c=/Y/.test(b);n.fn[a]=function(d){return Y(this,function(a,d,e){var f=mc(a);return void 0===e?f?b in f?f[b]:f.document.documentElement[d]:a[d]:void(f?f.scrollTo(c?n(f).scrollLeft():e,c?e:n(f).scrollTop()):a[d]=e)},a,d,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=Ua(l.pixelPosition,function(a,c){return c?(c=Sa(a,b),Oa.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({ >padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return Y(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var nc=a.jQuery,oc=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=oc),b&&a.jQuery===n&&(a.jQuery=nc),n},b||(a.jQuery=a.$=n),n}); >(function($){var Node,Tree,methods;Node=(function(){function Node(row,tree,settings){var parentId;this.row=row;this.tree=tree;this.settings=settings;this.id=this.row.data(this.settings.nodeIdAttr);parentId=this.row.data(this.settings.parentIdAttr);if(parentId!=null&&parentId!=="")this.parentId=parentId;this.treeCell=$(this.row.children(this.settings.columnElType)[this.settings.column]);this.expander=$(this.settings.expanderTemplate);this.indenter=$(this.settings.indenterTemplate);this.children=[];this.initialized=false;this.treeCell.prepend(this.indenter);}Node.prototype.addChild=function(child){return this.children.push(child);};Node.prototype.ancestors=function(){var ancestors,node;node=this;ancestors=[];while(node=node.parentNode())ancestors.push(node);return ancestors;};Node.prototype.collapse=function(){if(this.collapsed())return this;this.row.removeClass("expanded").addClass("collapsed");this._hideChildren();this.expander.attr("title",this.settings.stringExpand);if(this.initialized&&this.settings.onNodeCollapse!=null)this.settings.onNodeCollapse.apply(this);return this;};Node.prototype.collapsed=function(){return this.row.hasClass("collapsed");};Node.prototype.expand=function(){if(this.expanded())return this;this.row.removeClass("collapsed").addClass("expanded");if(this.initialized&&this.settings.onNodeExpand!=null)this.settings.onNodeExpand.apply(this);if($(this.row).is(":visible"))this._showChildren();this.expander.attr("title",this.settings.stringCollapse);return this;};Node.prototype.expanded=function(){return this.row.hasClass("expanded");};Node.prototype.hide=function(){this._hideChildren();this.row.hide();return this;};Node.prototype.isBranchNode=function(){if(this.children.length>0||this.row.data(this.settings.branchAttr)===true)return true;else return false;};Node.prototype.updateBranchLeafClass=function(){this.row.removeClass('branch');this.row.removeClass('leaf');this.row.addClass(this.isBranchNode()?'branch':'leaf');};Node.prototype.level=function(){return this.ancestors().length;};Node.prototype.parentNode=function(){if(this.parentId!=null)return this.tree[this.parentId];else return null;};Node.prototype.removeChild=function(child){var i=$.inArray(child,this.children);return this.children.splice(i,1);};Node.prototype.render=function(){var handler,settings=this.settings,target;if(settings.expandable===true&&this.isBranchNode()){handler=function(e){$(this).parents("table").treetable("node",$(this).parents("tr").data(settings.nodeIdAttr)).toggle();return e.preventDefault();};this.indenter.html(this.expander);target=settings.clickableNodeNames===true?this.treeCell:this.expander;target.off("click.treetable").on("click.treetable",handler);target.off("keydown.treetable").on("keydown.treetable",function(e){if(e.keyCode==13)handler.apply(this,[e]);});}this.indenter[0].style.paddingLeft=""+(this.level()*settings.indent)+"px";return this;};Node.prototype.reveal=function(){if(this.parentId!=null)this.parentNode().reveal();return this.expand();};Node.prototype.setParent=function(node){if(this.parentId!=null)this.tree[this.parentId].removeChild(this);this.parentId=node.id;this.row.data(this.settings.parentIdAttr,node.id);return node.addChild(this);};Node.prototype.show=function(){if(!this.initialized)this._initialize();this.row.show();if(this.expanded())this._showChildren();return this;};Node.prototype.toggle=function(){if(this.expanded())this.collapse();else this.expand();return this;};Node.prototype._hideChildren=function(){var child,_i,_len,_ref,_results;_ref=this.children;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){child=_ref[_i];_results.push(child.hide());}return _results;};Node.prototype._initialize=function(){var settings=this.settings;this.render();if(settings.expandable===true&&settings.initialState==="collapsed")this.collapse();else this.expand();if(settings.onNodeInitialized!=null)settings.onNodeInitialized.apply(this);return this.initialized=true;};Node.prototype._showChildren=function(){var child,_i,_len,_ref,_results;_ref=this.children;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){child=_ref[_i];_results.push(child.show());}return _results;};return Node;})();Tree=(function(){function Tree(table,settings){this.table=table;this.settings=settings;this.tree={};this.nodes=[];this.roots=[];}Tree.prototype.collapseAll=function(){var node,_i,_len,_ref,_results;_ref=this.nodes;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){node=_ref[_i];_results.push(node.collapse());}return _results;};Tree.prototype.expandAll=function(){var node,_i,_len,_ref,_results;_ref=this.nodes;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){node=_ref[_i];_results.push(node.expand());}return _results;};Tree.prototype.findLastNode=function(node){if(node.children.length>0)return this.findLastNode(node.children[node.children.length-1]);else return node;};Tree.prototype.loadRows=function(rows){var node,row,i;if(rows!=null)for(i=0;i<rows.length;i++){row=$(rows[i]);if(row.data(this.settings.nodeIdAttr)!=null){node=new Node(row,this.tree,this.settings);this.nodes.push(node);this.tree[node.id]=node;if(node.parentId!=null&&this.tree[node.parentId])this.tree[node.parentId].addChild(node);else this.roots.push(node);}}for(i=0;i<this.nodes.length;i++)node=this.nodes[i].updateBranchLeafClass();return this;};Tree.prototype.move=function(node,destination){var nodeParent=node.parentNode();if(node!==destination&&destination.id!==node.parentId&&$.inArray(node,destination.ancestors())===-1){node.setParent(destination);this._moveRows(node,destination);if(node.parentNode().children.length===1)node.parentNode().render();}if(nodeParent)nodeParent.updateBranchLeafClass();if(node.parentNode())node.parentNode().updateBranchLeafClass();node.updateBranchLeafClass();return this;};Tree.prototype.removeNode=function(node){this.unloadBranch(node);node.row.remove();if(node.parentId!=null)node.parentNode().removeChild(node);delete this.tree[node.id];this.nodes.splice($.inArray(node,this.nodes),1);return this;};Tree.prototype.render=function(){var root,_i,_len,_ref;_ref=this.roots;for(_i=0,_len=_ref.length;_i<_len;_i++){root=_ref[_i];root.show();}return this;};Tree.prototype.sortBranch=function(node,sortFun){node.children.sort(sortFun);this._sortChildRows(node);return this;};Tree.prototype.unloadBranch=function(node){var children=node.children.slice(0),i;for(i=0;i<children.length;i++)this.removeNode(children[i]);node.children=[];node.updateBranchLeafClass();return this;};Tree.prototype._moveRows=function(node,destination){var children=node.children,i;node.row.insertAfter(destination.row);node.render();for(i=children.length-1;i>=0;i--)this._moveRows(children[i],node);};Tree.prototype._sortChildRows=function(parentNode){return this._moveRows(parentNode,parentNode);};return Tree;})();methods={init:function(options,force){var settings;settings=$.extend({branchAttr:"ttBranch",clickableNodeNames:false,column:0,columnElType:"td",expandable:false,expanderTemplate:"<a href='#'> </a>",indent:19,indenterTemplate:"<span class='indenter'></span>",initialState:"collapsed",nodeIdAttr:"ttId",parentIdAttr:"ttParentId",stringExpand:"Expand",stringCollapse:"Collapse",onInitialized:null,onNodeCollapse:null,onNodeExpand:null,onNodeInitialized:null},options);return this.each(function(){var el=$(this),tree;if(force||el.data("treetable")===undefined){tree=new Tree(this,settings);tree.loadRows(this.rows).render();el.addClass("treetable").data("treetable",tree);if(settings.onInitialized!=null)settings.onInitialized.apply(tree);}return el;});},destroy:function(){return this.each(function(){return $(this).removeData("treetable").removeClass("treetable");});},collapseAll:function(){this.data("treetable").collapseAll();return this;},collapseNode:function(id){var node=this.data("treetable").tree[id];if(node)node.collapse();else throw new Error("Unknown node '"+id+"'");return this;},expandAll:function(){this.data("treetable").expandAll();return this;},expandNode:function(id){var node=this.data("treetable").tree[id];if(node){if(!node.initialized)node._initialize();node.expand();}else throw new Error("Unknown node '"+id+"'");return this;},loadBranch:function(node,rows){var settings=this.data("treetable").settings,tree=this.data("treetable").tree;rows=$(rows);if(node==null)this.append(rows);else{var lastNode=this.data("treetable").findLastNode(node);rows.insertAfter(lastNode.row);}this.data("treetable").loadRows(rows);rows.filter("tr").each(function(){tree[$(this).data(settings.nodeIdAttr)].show();});if(node!=null)node.render().expand();return this;},move:function(nodeId,destinationId){var destination,node;node=this.data("treetable").tree[nodeId];destination=this.data("treetable").tree[destinationId];this.data("treetable").move(node,destination);return this;},node:function(id){return this.data("treetable").tree[id];},removeNode:function(id){var node=this.data("treetable").tree[id];if(node)this.data("treetable").removeNode(node);else throw new Error("Unknown node '"+id+"'");return this;},reveal:function(id){var node=this.data("treetable").tree[id];if(node)node.reveal();else throw new Error("Unknown node '"+id+"'");return this;},sortBranch:function(node,columnOrFunction){var settings=this.data("treetable").settings,prepValue,sortFun;columnOrFunction=columnOrFunction||settings.column;sortFun=columnOrFunction;if($.isNumeric(columnOrFunction))sortFun=function(a,b){var extractValue,valA,valB;extractValue=function(node){var val=node.row.find("td:eq("+columnOrFunction+")").text();return $.trim(val).toUpperCase();};valA=extractValue(a);valB=extractValue(b);if(valA<valB)return -1;if(valA>valB)return 1;return 0;};this.data("treetable").sortBranch(node,sortFun);return this;},unloadBranch:function(node){this.data("treetable").unloadBranch(node);return this;}};$.fn.treetable=function(method){if(methods[method])return methods[method].apply(this,Array.prototype.slice.call(arguments,1));else if(typeof method==='object'||!method)return methods.init.apply(this,arguments);else return $.error("Method "+method+" does not exist on jQuery.treetable");};this.TreeTable||(this.TreeTable={});this.TreeTable.Node=Node;this.TreeTable.Tree=Tree;})(jQuery);if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4");}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),o=i.data("bs.alert");o||i.data("bs.alert",o=new n(this)),"string"==typeof e&&o[e].call(i);});}var i='[data-dismiss="alert"]',n=function(e){t(e).on("click",i,this.close);};n.VERSION="3.3.7",n.TRANSITION_DURATION=150,n.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove();}var o=t(this),s=o.attr("data-target");s||(s=o.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,""));var a=t("#"===s?[]:s);e&&e.preventDefault(),a.length||(a=o.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(n.TRANSITION_DURATION):i());};var o=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=n,t.fn.alert.noConflict=function(){return t.fn.alert=o,this;},t(document).on("click.bs.alert.data-api",i,n.prototype.close);}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var n=i&&t(i);return n&&n.length?n:e.parent();}function i(i){i&&3===i.which||(t(o).remove(),t(s).each(function(){var n=t(this),o=e(n),s={relatedTarget:this};o.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(o[0],i.target)||(o.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(n.attr("aria-expanded","false"),o.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))));}));}function n(e){return this.each(function(){var i=t(this),n=i.data("bs.dropdown");n||i.data("bs.dropdown",n=new a(this)),"string"==typeof e&&n[e].call(i);});}var o=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle);};a.VERSION="3.3.7",a.prototype.toggle=function(n){var o=t(this);if(!o.is(".disabled, :disabled")){var s=e(o),a=s.hasClass("open");if(i(),!a){"ontouchstart" in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(n=t.Event("show.bs.dropdown",r)),n.isDefaultPrevented())return;o.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r));}return !1;}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var n=t(this);if(i.preventDefault(),i.stopPropagation(),!n.is(".disabled, :disabled")){var o=e(n),a=o.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&o.find(s).trigger("focus"),n.trigger("click");var r=" li:not(.disabled):visible a",d=o.find(".dropdown-menu"+r);if(d.length){var l=d.index(i.target);38==i.which&&l>0&&l--,40==i.which&&l<d.length-1&&l++,~l||(l=0),d.eq(l).trigger("focus");}}}};var r=t.fn.dropdown;t.fn.dropdown=n,t.fn.dropdown.Constructor=a,t.fn.dropdown.noConflict=function(){return t.fn.dropdown=r,this;},t(document).on("click.bs.dropdown.data-api",i).on("click.bs.dropdown.data-api",".dropdown form",function(t){t.stopPropagation();}).on("click.bs.dropdown.data-api",s,a.prototype.toggle).on("keydown.bs.dropdown.data-api",s,a.prototype.keydown).on("keydown.bs.dropdown.data-api",".dropdown-menu",a.prototype.keydown);}(jQuery),+function(t){"use strict";function e(e,n){return this.each(function(){var o=t(this),s=o.data("bs.modal"),a=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e);s||o.data("bs.modal",s=new i(this,a)),"string"==typeof e?s[e](n):a.show&&s.show(n);});}var i=function(e,i){this.options=i,this.$body=t(document.body),this.$element=t(e),this.$dialog=this.$element.find(".modal-dialog"),this.$backdrop=null,this.isShown=null,this.originalBodyPad=null,this.scrollbarWidth=0,this.ignoreBackdropClick=!1,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,t.proxy(function(){this.$element.trigger("loaded.bs.modal");},this));};i.VERSION="3.3.7",i.TRANSITION_DURATION=300,i.BACKDROP_TRANSITION_DURATION=150,i.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},i.prototype.toggle=function(t){return this.isShown?this.hide():this.show(t);},i.prototype.show=function(e){var n=this,o=t.Event("show.bs.modal",{relatedTarget:e});this.$element.trigger(o),this.isShown||o.isDefaultPrevented()||(this.isShown=!0,this.checkScrollbar(),this.setScrollbar(),this.$body.addClass("modal-open"),this.escape(),this.resize(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',t.proxy(this.hide,this)),this.$dialog.on("mousedown.dismiss.bs.modal",function(){n.$element.one("mouseup.dismiss.bs.modal",function(e){t(e.target).is(n.$element)&&(n.ignoreBackdropClick=!0);});}),this.backdrop(function(){var o=t.support.transition&&n.$element.hasClass("fade");n.$element.parent().length||n.$element.appendTo(n.$body),n.$element.show().scrollTop(0),n.adjustDialog(),o&&n.$element[0].offsetWidth,n.$element.addClass("in"),n.enforceFocus();var s=t.Event("shown.bs.modal",{relatedTarget:e});o?n.$dialog.one("bsTransitionEnd",function(){n.$element.trigger("focus").trigger(s);}).emulateTransitionEnd(i.TRANSITION_DURATION):n.$element.trigger("focus").trigger(s);}));},i.prototype.hide=function(e){e&&e.preventDefault(),e=t.Event("hide.bs.modal"),this.$element.trigger(e),this.isShown&&!e.isDefaultPrevented()&&(this.isShown=!1,this.escape(),this.resize(),t(document).off("focusin.bs.modal"),this.$element.removeClass("in").off("click.dismiss.bs.modal").off("mouseup.dismiss.bs.modal"),this.$dialog.off("mousedown.dismiss.bs.modal"),t.support.transition&&this.$element.hasClass("fade")?this.$element.one("bsTransitionEnd",t.proxy(this.hideModal,this)).emulateTransitionEnd(i.TRANSITION_DURATION):this.hideModal());},i.prototype.enforceFocus=function(){t(document).off("focusin.bs.modal").on("focusin.bs.modal",t.proxy(function(t){document===t.target||this.$element[0]===t.target||this.$element.has(t.target).length||this.$element.trigger("focus");},this));},i.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keydown.dismiss.bs.modal",t.proxy(function(t){27==t.which&&this.hide();},this)):this.isShown||this.$element.off("keydown.dismiss.bs.modal");},i.prototype.resize=function(){this.isShown?t(window).on("resize.bs.modal",t.proxy(this.handleUpdate,this)):t(window).off("resize.bs.modal");},i.prototype.hideModal=function(){var t=this;this.$element.hide(),this.backdrop(function(){t.$body.removeClass("modal-open"),t.resetAdjustments(),t.resetScrollbar(),t.$element.trigger("hidden.bs.modal");});},i.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null;},i.prototype.backdrop=function(e){var n=this,o=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var s=t.support.transition&&o;if(this.$backdrop=t(document.createElement("div")).addClass("modal-backdrop "+o).appendTo(this.$body),this.$element.on("click.dismiss.bs.modal",t.proxy(function(t){return this.ignoreBackdropClick?void (this.ignoreBackdropClick=!1):void (t.target===t.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus():this.hide()));},this)),s&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!e)return;s?this.$backdrop.one("bsTransitionEnd",e).emulateTransitionEnd(i.BACKDROP_TRANSITION_DURATION):e();}else if(!this.isShown&&this.$backdrop){this.$backdrop.removeClass("in");var a=function(){n.removeBackdrop(),e&&e();};t.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one("bsTransitionEnd",a).emulateTransitionEnd(i.BACKDROP_TRANSITION_DURATION):a();}else e&&e();},i.prototype.handleUpdate=function(){this.adjustDialog();},i.prototype.adjustDialog=function(){var t=this.$element[0].scrollHeight>document.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""});},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""});},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left);}this.bodyIsOverflowing=document.body.clientWidth<t,this.scrollbarWidth=this.measureScrollbar();},i.prototype.setScrollbar=function(){var t=parseInt(this.$body.css("padding-right")||0,10);this.originalBodyPad=document.body.style.paddingRight||"",this.bodyIsOverflowing&&this.$body.css("padding-right",t+this.scrollbarWidth);},i.prototype.resetScrollbar=function(){this.$body.css("padding-right",this.originalBodyPad);},i.prototype.measureScrollbar=function(){var t=document.createElement("div");t.className="modal-scrollbar-measure",this.$body.append(t);var e=t.offsetWidth-t.clientWidth;return this.$body[0].removeChild(t),e;};var n=t.fn.modal;t.fn.modal=e,t.fn.modal.Constructor=i,t.fn.modal.noConflict=function(){return t.fn.modal=n,this;},t(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(i){var n=t(this),o=n.attr("href"),s=t(n.attr("data-target")||o&&o.replace(/.*(?=#[^\s]+$)/,"")),a=s.data("bs.modal")?"toggle":t.extend({remote:!/#/.test(o)&&o},s.data(),n.data());n.is("a")&&i.preventDefault(),s.one("show.bs.modal",function(t){t.isDefaultPrevented()||s.one("hidden.bs.modal",function(){n.is(":visible")&&n.trigger("focus");});}),e.call(s,a,this);});}(jQuery),+function(t){"use strict";function e(e){var i,n=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(n);}function i(e){return this.each(function(){var i=t(this),o=i.data("bs.collapse"),s=t.extend({},n.DEFAULTS,i.data(),"object"==typeof e&&e);!o&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),o||i.data("bs.collapse",o=new n(this,s)),"string"==typeof e&&o[e]();});}var n=function(e,i){this.$element=t(e),this.options=t.extend({},n.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle();};n.VERSION="3.3.7",n.TRANSITION_DURATION=350,n.DEFAULTS={toggle:!0},n.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height";},n.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,o=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(o&&o.length&&(e=o.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){o&&o.length&&(i.call(o,"hide"),e||o.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse");};if(!t.support.transition)return r.call(this);var d=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(n.TRANSITION_DURATION)[a](this.$element[0][d]);}}}},n.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var o=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse");};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(o,this)).emulateTransitionEnd(n.TRANSITION_DURATION):o.call(this);}}},n.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]();},n.prototype.getParent=function(){return t(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,n){var o=t(n);this.addAriaAndCollapsedClass(e(o),o);},this)).end();},n.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i);};var o=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=n,t.fn.collapse.noConflict=function(){return t.fn.collapse=o,this;},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(n){var o=t(this);o.attr("data-target")||n.preventDefault();var s=e(o),a=s.data("bs.collapse"),r=a?"toggle":o.data();i.call(s,r);});}(jQuery),+function(t){"use strict";function e(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(void 0!==t.style[i])return{end:e[i]};return !1;}t.fn.emulateTransitionEnd=function(e){var i=!1,n=this;t(this).one("bsTransitionEnd",function(){i=!0;});var o=function(){i||t(n).trigger(t.support.transition.end);};return setTimeout(o,e),this;},t(function(){t.support.transition=e(),t.support.transition&&(t.event.special.bsTransitionEnd={bindType:t.support.transition.end,delegateType:t.support.transition.end,handle:function(e){return t(e.target).is(this)?e.handleObj.handler.apply(this,arguments):void 0;}});});}(jQuery);function openRuleDetailsDialog(rule_result_id){$("#detail-modal").remove();var closebutton=$('<button type="button" class="close btn btn-sm btn-default" data-dismiss="modal" aria-hidden="true" title="Close">❌</button>');var modal=$('<div id="detail-modal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="true"><div id="detail-modal-body" class="modal-body"></div></div>');$("body").prepend(modal);var clone=$("#rule-detail-"+rule_result_id).clone();clone.attr("id","");clone.children(".panel-heading").append(closebutton);closebutton.css({"float":"right"});closebutton.css({"margin-top":"-=23px"});$("#detail-modal-body").append(clone);$("#detail-modal").modal();return false;}function toggleRuleDisplay(checkbox){var result=checkbox.value;if(checkbox.checked){$(".rule-overview-leaf-"+result).removeClass("rule-result-filtered");$(".rule-detail-"+result).removeClass("rule-result-filtered");}else{$(".rule-overview-leaf-"+result).addClass("rule-result-filtered");$(".rule-detail-"+result).addClass("rule-result-filtered");}stripeTreeTable();}function toggleResultDetails(button){var result_details=$("#result-details");if(result_details.is(":visible")){result_details.hide();$(button).html("Show all result details");}else{result_details.show();$(button).html("Hide all result details");}return false;}function ruleSearchMatches(detail_leaf,keywords){if(keywords.length==0)return true;var match=true;var checked_keywords=detail_leaf.children(".keywords").text().toLowerCase();var index;for(index=0;index<keywords.length;++index)if(checked_keywords.indexOf(keywords[index].toLowerCase())<0){match=false;break;}return match;}function ruleSearch(){var search_input=$("#search-input").val();var keywords=search_input.split(/[\s,\.;]+/);var matches=0;$(".rule-detail").each(function(){var rrid=$(this).attr("id").substring(12);var overview_leaf=$("#rule-overview-leaf-"+rrid);var detail_leaf=$(this);if(ruleSearchMatches(detail_leaf,keywords)){overview_leaf.removeClass("search-no-match");detail_leaf.removeClass("search-no-match");++matches;}else{overview_leaf.addClass("search-no-match");detail_leaf.addClass("search-no-match");}});if(!search_input)$("#search-matches").html("");else if(matches>0)$("#search-matches").html(matches.toString()+" rules match.");else $("#search-matches").html("No rules match your search criteria!");}var is_original=true;var original_treetable=null;$(document).ready(function(){$("#result-details").hide();$(".js-only").show();$(".form-group select").val("default");$(".toggle-rule-display").each(function(){toggleRuleDisplay(this);});original_treetable=$(".treetable").clone();$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});is_original=true;stripeTreeTable();});function resetTreetable(){if(!is_original){$(".treetable").remove();$("#rule-overview").append(original_treetable.clone());$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});$(".toggle-rule-display").each(function(){toggleRuleDisplay(this);});is_original=true;}}function newGroupLine(key,group_name){var maxKeyLength=24;if(key.length>maxKeyLength)key=key.substring(0,maxKeyLength-1)+"â¦";return "<tr class=\"rule-overview-inner-node\" data-tt-id=\""+group_name+"\">"+"<td colspan=\"3\"><small>"+key+"</small> = <strong>"+group_name+"</strong></td></tr>";}var KeysEnum={DEFAULT:"default",SEVERITY:"severity",RESULT:"result",NIST:"NIST SP 800-53 ID",DISA_CCI:"DISA CCI",DISA_SRG:"DISA SRG",DISA_STIG_ID:"DISA STIG ID",PCI_DSS:"PCI DSS Requirement",CIS:"CIS Recommendation"};function getTargetGroupsList(rule,key){switch(key){case KeysEnum.SEVERITY:var severity=rule.children(".rule-severity").text();return [severity];case KeysEnum.RESULT:var result=rule.children(".rule-result").text();return [result];default:try{var references=JSON.parse(rule.attr("data-references"));}catch(err){return ["unknown"];}if(!references.hasOwnProperty(key))return ["unknown"];return references[key];}}function sortGroups(groups,key){switch(key){case KeysEnum.SEVERITY:return ["high","medium","low"];case KeysEnum.RESULT:return groups.sort();default:return groups.sort(function(a,b){var a_parts=a.split(/[.()-]/);var b_parts=b.split(/[.()-]/);var result=0;var min_length=Math.min(a_parts.length,b_parts.length);var number=/^[1-9][0-9]*$/;for(i=0;i<min_length&&result==0;i++)if(a_parts[i].match(number)==null||a_parts[i].match(number)==null)result=a_parts[i].localeCompare(b_parts[i]);else result=parseInt(a_parts[i])-parseInt(b_parts[i]);if(result==0)result=a_parts.length-b_parts.length;return result;});}}function groupRulesBy(key){resetTreetable();if(key==KeysEnum.DEFAULT)return;var lines={};$(".rule-overview-leaf").each(function(){$(this).children("td:first").css("padding-left","0px");var id=$(this).attr("data-tt-id");var target_groups=getTargetGroupsList($(this),key);for(i=0;i<target_groups.length;i++){var target_group=target_groups[i];if(!lines.hasOwnProperty(target_group))lines[target_group]=[newGroupLine(key,target_group)];var clone=$(this).clone();clone.attr("data-tt-id",id+"copy"+i);clone.attr("data-tt-parent-id",target_group);var new_line=clone.wrap("<div>").parent().html();lines[target_group].push(new_line);}});$(".treetable").remove();var groups=sortGroups(Object.keys(lines),key);var html_text="";for(i=0;i<groups.length;i++)html_text+=lines[groups[i]].join("\n");new_table="<table class=\"treetable table table-bordered\"><thead><tr><th>Group</th> <th style=\"width: 120px; text-align: center\">Severity</th><th style=\"width: 120px; text-align: center\">Result</th></tr></thead><tbody>"+html_text+"</tbody></table>";$("#rule-overview").append(new_table);is_original=false;$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});stripeTreeTable();}function stripeTreeTable(){var rows=$(".rule-overview-leaf:not(.rule-result-filtered)");var even=false;$(rows).each(function(){$(this).css("background-color",even?"#F9F9F9":"inherit");even=!even;});}</script></head><body><nav class="navbar navbar-default" role="navigation"><div class="navbar-header" style="float: none"><a class="navbar-brand" href="#"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="52" height="52" id="svg2"><g transform="matrix(0.75266991,0,0,0.75266991,-17.752968,-104.57468)" id="g32"><path d="m 24.7,173.5 c 0,-9 3.5,-17.5 9.9,-23.9 6.8,-6.8 15.7,-10.4 25,-10 8.6,0.3 16.9,3.9 22.9,9.8 6.4,6.4 9.9,14.9 10,23.8 0.1,9.1 -3.5,17.8 -10,24.3 -13.2,13.2 -34.7,13.1 -48,-0.1 -1.5,-1.5 -1.9,-4.2 0.2,-6.2 l 9,-9 c -2,-3.6 -4.9,-13.1 2.6,-20.7 7.6,-7.6 18.6,-6 24.4,-0.2 3.3,3.3 5.1,7.6 5.1,12.1 0.1,4.6 -1.8,9.1 -5.3,12.5 -4.2,4.2 -10.2,5.8 -16.1,4.4 -1.5,-0.4 -2.4,-1.9 -2.1,-3.4 0.4,-1.5 1.9,-2.4 3.4,-2.1 4.1,1 8,-0.1 10.9,-2.9 2.3,-2.3 3.6,-5.3 3.6,-8.4 0,0 0,-0.1 0,-0.1 0,-3 -1.3,-5.9 -3.5,-8.2 -3.9,-3.9 -11.3,-4.9 -16.5,0.2 -6.3,6.3 -1.6,14.1 -1.6,14.2 1.5,2.4 0.7,5 -0.9,6.3 l -8.4,8.4 c 9.9,8.9 27.2,11.2 39.1,-0.8 5.4,-5.4 8.4,-12.5 8.4,-20 0,-0.1 0,-0.2 0,-0.3 -0.1,-7.5 -3,-14.6 -8.4,-19.9 -5,-5 -11.9,-8 -19.1,-8.2 -7.8,-0.3 -15.2,2.7 -20.9,8.4 -8.7,8.7 -8.7,19 -7.9,24.3 0.3,2.4 1.1,4.9 2.2,7.3 0.6,1.4 0,3.1 -1.4,3.7 -1.4,0.6 -3.1,0 -3.7,-1.4 -1.3,-2.9 -2.2,-5.8 -2.6,-8.7 -0.3,-1.7 -0.4,-3.5 -0.4,-5.2 z" id="path34" style="fill:#12497f"></path></g></svg></a><div><h1>OpenSCAP Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of Red Hat Enterprise Linux 7</h2><blockquote>with profile <mark>OSPP - Protection Profile for General Purpose Operating Systems v. 4.2</mark><div class="col-md-12 well well-lg horizontal-scroll"><div class="description profile-description"><small>This profile reflects mandatory configuration controls identified in the >NIAP Configuration Annex to the Protection Profile for General Purpose >Operating Systems (Protection Profile Version 4.2). > >This Annex is consistent with CNSSI-1253, which requires US National Security >Systems to adhere to certain configuration parameters. Accordingly, configuration >guidance produced according to the requirements of this Annex is suitable for use >in US National Security Systems.</small></div></div></blockquote><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter">The SCAP Security Guide Project<br> > > <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a> ></div><div class="description">This guide presents a catalog of security-relevant >configuration settings for Red Hat Enterprise Linux 7. It is a rendering of >content structured in the eXtensible Configuration Checklist Description Format (XCCDF) >in order to support security automation. The SCAP content is >is available in the <code>scap-security-guide</code> package which is developed at > > <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>. ><br><br> >Providing system administrators with such guidance informs them how to securely >configure systems under their control in a variety of network roles. Policy >makers and baseline creators can use this catalog of settings, with its >associated references to higher-level security control catalogs, in order to >assist them in security baseline creation. This guide is a <em>catalog, not a >checklist</em>, and satisfaction of every item is not likely to be possible or >sensible in many operational scenarios. However, the XCCDF format enables >granular selection and adjustment of settings, and their association with OVAL >and OCIL content provides an automated checking capability. Transformations of >this document, and its associated automated checking content, are capable of >providing baselines that meet a diverse set of policy objectives. Some example >XCCDF <em>Profiles</em>, which are selections of items that form checklists and >can be used as baselines, are available with this guide. They can be >processed, in an automated fashion, with tools that support the Security >Content Automation Protocol (SCAP). The DISA STIG for Red Hat Enterprise Linux 7, >which provides required settings for US Department of Defense systems, is >one example of a baseline created from this guidance. ></div><div class="top-spacer-10"><div class="alert alert-info">Do not attempt to implement any of the settings in >this guide without first testing them in a non-operational environment. The >creators of this guidance assume no responsibility whatsoever for its use by >other parties, and makes no guarantees, expressed or implied, about its >quality, reliability, or any other characteristic. ></div></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics</h2><div class="row"><div class="col-md-5 well well-lg horizontal-scroll"><table class="table table-bordered"><tr><th>Evaluation target</th><td>localhost.localdomain</td></tr><tr><th>Benchmark URL</th><td>/tmp/tmp.GMUqgtiYrj/input.xml</td></tr><tr><th>Benchmark ID</th><td>xccdf_org.ssgproject.content_benchmark_RHEL-7</td></tr><tr><th>Profile ID</th><td>xccdf_org.ssgproject.content_profile_ospp42</td></tr><tr><th>Started at</th><td>2018-09-25T23:08:34</td></tr><tr><th>Finished at</th><td>2018-09-25T23:09:04</td></tr><tr><th>Performed by</th><td>admin</td></tr></table></div><div class="col-md-3 horizontal-scroll"><h4>CPE Platforms</h4><ul class="list-group"><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7 was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7::client was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7::client</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7::computenode was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7::computenode</span></li></ul></div><div class="col-md-4 horizontal-scroll"><h4>Addresses</h4><ul class="list-group"><li class="list-group-item"><span class="label label-primary">IPv4</span> >  127.0.0.1</li><li class="list-group-item"><span class="label label-primary">IPv4</span> >  192.168.122.24</li><li class="list-group-item"><span class="label label-info">IPv6</span> >  0:0:0:0:0:0:0:1</li><li class="list-group-item"><span class="label label-info">IPv6</span> >  fe80:0:0:0:5054:ff:fe89:b532</li><li class="list-group-item"><span class="label label-default">MAC</span> >  00:00:00:00:00:00</li><li class="list-group-item"><span class="label label-default">MAC</span> >  52:54:00:89:B5:32</li></ul></div></div></div><div id="compliance-and-scoring"><h2>Compliance and Scoring</h2><div class="alert alert-danger"><strong>The target system did not satisfy the conditions of 21 rules!</strong> > Please review rule results and consider applying remediation. > </div><h3>Rule results</h3><div class="progress" title="Displays proportion of passed/fixed, failed/error, and other rules (in that order). There were 176 rules taken into account."><div class="progress-bar progress-bar-success" style="width: 85.7954545454545%">151 passed > </div><div class="progress-bar progress-bar-danger" style="width: 11.9318181818182%">21 failed > </div><div class="progress-bar progress-bar-warning" style="width: 2.272727272727271%">4 other > </div></div><h3>Severity of failed rules</h3><div class="progress" title="Displays proportion of high, medium, low, and other severity failed rules (in that order). There were 21 total failed rules."><div class="progress-bar progress-bar-success" style="width: 9.523809523809524%">2 other > </div><div class="progress-bar progress-bar-info" style="width: 0%">0 low > </div><div class="progress-bar progress-bar-warning" style="width: 85.7142857142857%">18 medium > </div><div class="progress-bar progress-bar-danger" style="width: 4.761904761904762%">1 high > </div></div><h3 title="As per the XCCDF specification">Score</h3><table class="table table-striped table-bordered"><thead><tr><th>Scoring system</th><th class="text-center">Score</th><th class="text-center">Maximum</th><th class="text-center" style="width: 40%">Percent</th></tr></thead><tbody><tr><td>urn:xccdf:scoring:default</td><td class="text-center">92.306892</td><td class="text-center">100.000000</td><td><div class="progress"><div class="progress-bar progress-bar-success" style="width: 92.306892%">92.31%</div><div class="progress-bar progress-bar-danger" style="width: 7.693107999999995%"></div></div></td></tr></tbody></table></div><div id="rule-overview"><h2>Rule Overview</h2><div class="form-group js-only hidden-print"><div class="row"><div title="Filter rules by their XCCDF result"><div class="col-sm-2 toggle-rule-display-success"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="pass"></input>pass</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fixed"></input>fixed</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="informational"></input>informational</label></div></div><div class="col-sm-2 toggle-rule-display-danger"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fail"></input>fail</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="error"></input>error</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="unknown"></input>unknown</label></div></div><div class="col-sm-2 toggle-rule-display-other"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notchecked"></input>notchecked</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notapplicable"></input>notapplicable</label></div></div></div><div class="col-sm-6"><div class="input-group"><input type="text" class="form-control" placeholder="Search through XCCDF rules" id="search-input" oninput="ruleSearch()"></input><div class="input-group-btn"><button class="btn btn-default" onclick="ruleSearch()">Search</button></div></div><p id="search-matches"></p> > Group rules by: > <select name="groupby" onchange="groupRulesBy(value)"><option value="default" selected>Default</option><option value="severity">Severity</option><option value="result">Result</option><option disabled>ââââââââââ</option><option value="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx</option><option value="DISA CCI">DISA CCI</option><option value="DISA SRG">DISA SRG</option><option value="DISA STIG">DISA STIG</option><option value="NIST SP 800-171">NIST SP 800-171</option><option value="NIST SP 800-53">NIST SP 800-53</option><option value="ANSSI">ANSSI</option><option value="CIS Recommendation">CIS Recommendation</option><option value="FBI CJIS">FBI CJIS</option><option value="HIPAA">HIPAA</option><option value="ISO 27001-2013">ISO 27001-2013</option><option value="https://www.niap-ccevs.org/Profile/PP.cfm">https://www.niap-ccevs.org/Profile/PP.cfm</option><option value="PCI-DSS Requirement">PCI-DSS Requirement</option></select></div></div></div><table class="treetable table table-bordered"><thead><tr><th>Title</th><th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody><tr data-tt-id="xccdf_org.ssgproject.content_benchmark_RHEL-7" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 0px"><strong>Guide to the Secure Configuration of Red Hat Enterprise Linux 7</strong> <span class="badge">21x fail</span> <span class="badge">4x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_services" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 19px">Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_services");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_sssd" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_sssd" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">System Security Services Daemon<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_sssd");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" id="rule-overview-leaf-idm45508566493920" data-tt-parent-id="xccdf_org.ssgproject.content_group_sssd" data-references='{"DISA CCI":["CCI-002007"],"DISA SRG":["SRG-OS-000383-GPOS-00166"],"NIST SP 800-53":["IA-5(10)","IA-5(13)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566493920" onclick="return openRuleDetailsDialog('idm45508566493920')">Configure SSSD's Memory Cache to Expire</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" id="rule-overview-leaf-idm45508566487888" data-tt-parent-id="xccdf_org.ssgproject.content_group_sssd" data-references='{"DISA CCI":["CCI-002007"],"DISA SRG":["SRG-OS-000383-GPOS-00166"],"NIST SP 800-53":["IA-5(13)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566487888" onclick="return openRuleDetailsDialog('idm45508566487888')">Configure SSSD to Expire Offline Credentials</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_base" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_base" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Base Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_base");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_abrt_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_abrt_removed" id="rule-overview-leaf-idm45508566462288" data-tt-parent-id="xccdf_org.ssgproject.content_group_base" data-references="{}"><td style="padding-left: 57px"><a href="#rule-detail-idm45508566462288" onclick="return openRuleDetailsDialog('idm45508566462288')">Uninstall Automatic Bug Reporting Tool (abrt)</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_mail" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_mail" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Mail Server Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_mail");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_sendmail_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_sendmail_removed" id="rule-overview-leaf-idm45508566390816" data-tt-parent-id="xccdf_org.ssgproject.content_group_mail" data-references='{"NIST SP 800-53":["CM-7"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566390816" onclick="return openRuleDetailsDialog('idm45508566390816')">Uninstall Sendmail Package</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">SSH Server<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh_server" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh_server" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh"><td colspan="3" style="padding-left: 57px">Configure OpenSSH Server if Necessary<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh_server");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-overview-leaf-idm45508566299216" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86873r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040380"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(a)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566299216" onclick="return openRuleDetailsDialog('idm45508566299216')">Disable SSH Support for User Known Hosts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-overview-leaf-idm45508566294672" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86563r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010300"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-3","AC-6","CM-6(b)"],"CIS Recommendation":["5.2.9"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566294672" onclick="return openRuleDetailsDialog('idm45508566294672')">Disable SSH Access via Empty Passwords</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" id="rule-overview-leaf-idm45508566287856" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86863r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040330"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(a)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566287856" onclick="return openRuleDetailsDialog('idm45508566287856')">Disable SSH Support for Rhosts RSA Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-overview-leaf-idm45508566280992" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86849r3_rule"],"DISA CCI":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-040170"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["5.2.16"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566280992" onclick="return openRuleDetailsDialog('idm45508566280992')">Enable SSH Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" id="rule-overview-leaf-idm45508566271728" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86885r2_rule"],"DISA CCI":["CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000364-GPOS-00151"],"DISA STIG":["RHEL-07-040440"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(c)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566271728" onclick="return openRuleDetailsDialog('idm45508566271728')">Disable Kerberos Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" id="rule-overview-leaf-idm45508566264864" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86867r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040350"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-3","CM-6(a)"],"CIS Recommendation":["5.2.6"],"FBI CJIS":["5.5.6"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566264864" onclick="return openRuleDetailsDialog('idm45508566264864')">Disable SSH Support for .rhosts Files</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_host_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_host_auth" id="rule-overview-leaf-idm45508566251520" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86583r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010470"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-3","CM-6(b)"],"CIS Recommendation":["5.2.7"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566251520" onclick="return openRuleDetailsDialog('idm45508566251520')">Disable Host-Based Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" id="rule-overview-leaf-idm45508566234048" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86883r2_rule"],"DISA CCI":["CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000364-GPOS-00151"],"DISA STIG":["RHEL-07-040430"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(c)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566234048" onclick="return openRuleDetailsDialog('idm45508566234048')">Disable GSSAPI Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-overview-leaf-idm45508566227184" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86871r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040370"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-3","AC-6(2)","IA-2(1)","IA-2(5)"],"CIS Recommendation":["5.2.8"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566227184" onclick="return openRuleDetailsDialog('idm45508566227184')">Disable SSH Root Login</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_system" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_system" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 19px"><strong>System Settings</strong> <span class="badge">21x fail</span> <span class="badge">4x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Installing and Maintaining Software</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">System and Software Integrity<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_certified-vendor" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_certified-vendor" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Operating System Vendor Support and Certification<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_certified-vendor");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_installed_OS_is_certified" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_installed_OS_is_certified" id="rule-overview-leaf-idm45508566184240" data-tt-parent-id="xccdf_org.ssgproject.content_group_certified-vendor" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86621r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020250"],"NIST SP 800-53":["SI-2(c)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566184240" onclick="return openRuleDetailsDialog('idm45508566184240')">The Installed Operating System Is Vendor Supported and Certified</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_fips" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_fips" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Federal Information Processing Standard (FIPS)<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_fips");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" id="rule-overview-leaf-idm45508566178768" data-tt-parent-id="xccdf_org.ssgproject.content_group_fips" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86691r3_rule"],"DISA CCI":["CCI-000068","CCI-002450"],"DISA SRG":["SRG-OS-000033-GPOS-00014","SRG-OS-000396-GPOS-00176","SRG-OS-000478-GPOS-00223"],"DISA STIG":["RHEL-07-021350"],"NIST SP 800-171":["3.13.8","3.13.11"],"NIST SP 800-53":["AC-17(2)"],"FBI CJIS":["5.10.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566178768" onclick="return openRuleDetailsDialog('idm45508566178768')">Enable FIPS Mode in GRUB2</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software-integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software-integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Software Integrity Checking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software-integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rpm_verification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_rpm_verification" data-tt-parent-id="xccdf_org.ssgproject.content_group_software-integrity"><td colspan="3" style="padding-left: 95px">Verify Integrity with RPM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_rpm_verification");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rpm_verify_hashes" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rpm_verify_hashes" id="rule-overview-leaf-idm45508566144880" data-tt-parent-id="xccdf_org.ssgproject.content_group_rpm_verification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86479r2_rule"],"DISA CCI":["CCI-000663"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-010020"],"NIST SP 800-171":["3.3.8","3.4.1"],"NIST SP 800-53":["CM-6(d)","CM-6(3)","SI-7(1)"],"CIS Recommendation":["1.2.6"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"PCI-DSS Requirement":["Req-11.5"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508566144880" onclick="return openRuleDetailsDialog('idm45508566144880')">Verify File Hashes with RPM</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_updating" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_updating" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px"><strong>Updating Software</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-overview-leaf-idm45508566122224" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"":["366"],"DISA CCI":["CCI-001749"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566122224" onclick="return openRuleDetailsDialog('idm45508566122224')">Ensure gpgcheck Enabled For All Yum Package Repositories</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_security_patches_up_to_date" id="rule-overview-leaf-idm45508566118496" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86623r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020260"],"NIST SP 800-53":["SI-2","SI-2(c)","MA-1(b)"],"CIS Recommendation":["1.8"],"FBI CJIS":["5.10.4.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566118496" onclick="return openRuleDetailsDialog('idm45508566118496')">Ensure Software Patches Installed</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-overview-leaf-idm45508566114448" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"":["366"],"DISA CCI":["CCI-001749"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"CIS Recommendation":["1.2.3"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566114448" onclick="return openRuleDetailsDialog('idm45508566114448')">Ensure Red Hat GPG Key Installed</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-overview-leaf-idm45508566106048" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86601r1_rule"],"DISA CCI":["CCI-001749"],"DISA SRG":["SRG-OS-000366-GPOS-00153"],"DISA STIG":["RHEL-07-020050"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"CIS Recommendation":["1.2.2"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566106048" onclick="return openRuleDetailsDialog('idm45508566106048')">Ensure gpgcheck Enabled In Main Yum Configuration</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-overview-leaf-idm45508566102320" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86603r1_rule"],"DISA CCI":["CCI-001749"],"DISA SRG":["SRG-OS-000366-GPOS-00153"],"DISA STIG":["RHEL-07-020060"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566102320" onclick="return openRuleDetailsDialog('idm45508566102320')">Ensure gpgcheck Enabled for Local Packages</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">GNOME Desktop Environment<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">Configure GNOME Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" id="rule-overview-leaf-idm45508566095152" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87809r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-00029-GPOS-0010"],"DISA STIG":["RHEL-07-010082"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566095152" onclick="return openRuleDetailsDialog('idm45508566095152')">Ensure Users Cannot Change GNOME3 Session Idle Settings</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" id="rule-overview-leaf-idm45508566091472" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"":["OS-SRG-000029-GPOS-00010"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86525r2_rule"],"DISA CCI":["CCI-000056"],"DISA STIG":["RHEL-07-010110"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566091472" onclick="return openRuleDetailsDialog('idm45508566091472')">Set GNOME3 Screensaver Lock Delay After Activation Period</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" id="rule-overview-leaf-idm45508566086944" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566086944" onclick="return openRuleDetailsDialog('idm45508566086944')">Disable Full User Name on Splash Shield</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" id="rule-overview-leaf-idm45508566083264" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87807r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-00029-GPOS-0010"],"DISA STIG":["RHEL-07-010081"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566083264" onclick="return openRuleDetailsDialog('idm45508566083264')">Ensure Users Cannot Change GNOME3 Screensaver Settings</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" id="rule-overview-leaf-idm45508566077824" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86523r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010100"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566077824" onclick="return openRuleDetailsDialog('idm45508566077824')">Enable GNOME3 Screensaver Idle Activation</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" id="rule-overview-leaf-idm45508566070608" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86517r4_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010070"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566070608" onclick="return openRuleDetailsDialog('idm45508566070608')">Set GNOME3 Screensaver Inactivity Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" id="rule-overview-leaf-idm45508566061968" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"DISA CCI":["CCI-000060"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(b)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566061968" onclick="return openRuleDetailsDialog('idm45508566061968')">Implement Blank Screensaver</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" id="rule-overview-leaf-idm45508566056496" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"":["OS-SRG-000030-GPOS-00011"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86515r4_rule"],"DISA CCI":["CCI-000056"],"DISA SRG":["SRG-OS-000028-GPOS-00009"],"DISA STIG":["RHEL-07-010060"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(b)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566056496" onclick="return openRuleDetailsDialog('idm45508566056496')">Enable GNOME3 Screensaver Lock After Idle Period</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_login_screen" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_login_screen" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">Configure GNOME Login Screen<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_login_screen");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-overview-leaf-idm45508566020928" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86577r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010440"],"NIST SP 800-171":["3.1.1"],"NIST SP 800-53":["CM-6(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566020928" onclick="return openRuleDetailsDialog('idm45508566020928')">Disable GDM Automatic Login</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" id="rule-overview-leaf-idm45508566017200" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"NIST SP 800-171":["3.1.8"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566017200" onclick="return openRuleDetailsDialog('idm45508566017200')">Set the GNOME3 Login Number of Failures</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" id="rule-overview-leaf-idm45508566009440" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86579r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010450"],"NIST SP 800-171":["3.1.1"],"NIST SP 800-53":["CM-6(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566009440" onclick="return openRuleDetailsDialog('idm45508566009440')">Disable GDM Guest Login</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Configure Syslog<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_logging");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">Rsyslog Logs Sent To Remote Host<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_rsyslog_sending_messages");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" id="rule-overview-leaf-idm45508565988592" data-tt-parent-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86833r1_rule"],"DISA CCI":["CCI-000366","CCI-001348","CCI-000136","CCI-001851"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-031000"],"NIST SP 800-53":["AU-3(2)","AU-4(1)","AU-9"],"CIS Recommendation":["4.2.1.4"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(B)","164.308(a)(5)(ii)(C)","164.308(a)(6)(ii)","164.308(a)(8)","164.310(d)(2)(iii)","164.312(b)","164.314(a)(2)(i)(C)","164.314(a)(2)(iii)"],"ISO 27001-2013":["A.12.3.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565988592" onclick="return openRuleDetailsDialog('idm45508565988592')">Ensure Logs Sent To Remote Host</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">Ensure Proper Configuration of Log Files<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" id="rule-overview-leaf-idm45508565977776" data-tt-parent-id="xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86675r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-021100"],"NIST SP 800-53":["AU-2(d)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565977776" onclick="return openRuleDetailsDialog('idm45508565977776')">Ensure cron Is Logging To Rsyslog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Network Configuration and Firewalls</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network-firewalld" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network-firewalld" data-tt-parent-id="xccdf_org.ssgproject.content_group_network"><td colspan="3" style="padding-left: 57px"><strong>firewalld</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ruleset_modifications" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ruleset_modifications" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-firewalld"><td colspan="3" style="padding-left: 76px"><strong>Strengthen the Default Ruleset</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508565906384" data-tt-parent-id="xccdf_org.ssgproject.content_group_ruleset_modifications" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86939r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040810"],"NIST SP 800-171":["3.1.3","3.4.7","3.13.6"],"NIST SP 800-53":["CM-6(b)","CM-7"],"FBI CJIS":["5.10.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565906384" onclick="return openRuleDetailsDialog('idm45508565906384')">Set Default firewalld Zone for Incoming Packets</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_firewalld_activation" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_firewalld_activation" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-firewalld"><td colspan="3" style="padding-left: 76px">Inspect and Activate Default firewalld Rules<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_firewalld_activation");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_firewalld_enabled" id="rule-overview-leaf-idm45508565897936" data-tt-parent-id="xccdf_org.ssgproject.content_group_firewalld_activation" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86897r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040520"],"NIST SP 800-171":["3.1.3","3.4.7"],"NIST SP 800-53":["CM-6(b)"],"CIS Recommendation":["4.7"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565897936" onclick="return openRuleDetailsDialog('idm45508565897936')">Verify firewalld Enabled</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_bootloader-grub2" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Set Boot Loader Password</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_password" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508565826848" data-tt-parent-id="xccdf_org.ssgproject.content_group_bootloader-grub2" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86585r4_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010480"],"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["IA-2(1)","IA-5(e)","AC-3"],"CIS Recommendation":["1.4.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565826848" onclick="return openRuleDetailsDialog('idm45508565826848')">Set Boot Loader Password in grub2</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_uefi_password" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_uefi_password" id="rule-overview-leaf-idm45508565807808" data-tt-parent-id="xccdf_org.ssgproject.content_group_bootloader-grub2" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86587r3_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010490"],"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["AC-3"],"CIS Recommendation":["1.4.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565807808" onclick="return openRuleDetailsDialog('idm45508565807808')">Set the UEFI Boot Loader Password</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_selinux" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_selinux" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">SELinux<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_selinux");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_policytype" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_policytype" id="rule-overview-leaf-idm45508565256096" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86615r3_rule"],"DISA CCI":["CCI-002696"],"DISA SRG":["SRG-OS-000445-GPOS-00199"],"DISA STIG":["RHEL-07-020220"],"NIST SP 800-171":["3.1.2","3.7.2"],"NIST SP 800-53":["AC-3","AC-3(3)","AC-3(4)","AC-4","AC-6","AU-9","SI-6(a)"],"CIS Recommendation":["1.6.1.3"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565256096" onclick="return openRuleDetailsDialog('idm45508565256096')">Configure SELinux Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" id="rule-overview-leaf-idm45508565249232" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"NIST SP 800-171":["3.1.2","3.1.5","3.7.2"],"NIST SP 800-53":["AC-6","AU-9","CM-7"],"CIS Recommendation":["1.6.1.6"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565249232" onclick="return openRuleDetailsDialog('idm45508565249232')">Ensure No Daemons are Unconfined by SELinux</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" id="rule-overview-leaf-idm45508565245504" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86663r1_rule"],"DISA CCI":["CCI-000022","CCI-000032","CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020900"],"NIST SP 800-171":["3.1.2","3.1.5","3.7.2"],"NIST SP 800-53":["AC-6","AU-9","CM-3(f)","CM-7"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565245504" onclick="return openRuleDetailsDialog('idm45508565245504')">Ensure No Device Files are Unlabeled by SELinux</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_state" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-overview-leaf-idm45508565239488" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86613r2_rule"],"DISA CCI":["CCI-002165","CCI-002696"],"DISA SRG":["SRG-OS-000445-GPOS-00199"],"DISA STIG":["RHEL-07-020210"],"NIST SP 800-171":["3.1.2","3.7.2"],"NIST SP 800-53":["AC-3","AC-3(3)","AC-3(4)","AC-4","AC-6","AU-9","SI-6(a)"],"CIS Recommendation":["1.6.1.2"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565239488" onclick="return openRuleDetailsDialog('idm45508565239488')">Ensure SELinux State is Enforcing</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Account and Access Control</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Restricting Password-Based Login<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Set Password Expiration Parameters<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_expiration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" id="rule-overview-leaf-idm45508565226256" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.7"],"NIST SP 800-53":["IA-5(f)","IA-5(1)(a)"],"FBI CJIS":["5.6.2.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565226256" onclick="return openRuleDetailsDialog('idm45508565226256')">Set Password Minimum Length in login.defs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_storage" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_storage" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Verify Proper Storage and Existence of Password >Hashes<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_storage");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-overview-leaf-idm45508565186672" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_storage" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86561r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-010290"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-6","IA-5(b)","IA-5(c)","IA-5(1)(a)"],"FBI CJIS":["5.5.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565186672" onclick="return openRuleDetailsDialog('idm45508565186672')">Prevent Log In to Accounts With Empty Password</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Secure Session Configuration Files for Login Accounts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-session");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_tmout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-overview-leaf-idm45508565131200" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86847r3_rule"],"DISA CCI":["CCI-001133","CCI-000361"],"DISA SRG":["SRG-OS-000163-GPOS-00072"],"DISA STIG":["RHEL-07-040160"],"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-12","SC-10"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565131200" onclick="return openRuleDetailsDialog('idm45508565131200')">Set Interactive Session Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-physical" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-physical" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px"><strong>Protect Physical Console Access</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical"><td colspan="3" style="padding-left: 76px">Configure Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_console_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_console_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_screen_locking"><td colspan="3" style="padding-left: 95px">Configure Console Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_console_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_screen_installed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_screen_installed" id="rule-overview-leaf-idm45508565110016" data-tt-parent-id="xccdf_org.ssgproject.content_group_console_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86521r1_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010090"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565110016" onclick="return openRuleDetailsDialog('idm45508565110016')">Install the screen Package</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_require_singleuser_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="rule-overview-leaf-idm45508565099216" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-92519r1_rule","SV-92519r1_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010481","RHEL-07-010481"],"NIST SP 800-171":["3.1.1","3.4.5"],"NIST SP 800-53":["IA-2(1)","AC-3"],"CIS Recommendation":["1.4.3"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565099216" onclick="return openRuleDetailsDialog('idm45508565099216')">Require Authentication for Single User Mode</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="rule-overview-leaf-idm45508565093168" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"DISA CCI":["CCI-000213"],"NIST SP 800-171":["3.1.2","3.4.5"],"NIST SP 800-53":["SC-2","AC-3"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565093168" onclick="return openRuleDetailsDialog('idm45508565093168')">Verify that Interactive Boot is Disabled</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="rule-overview-leaf-idm45508565085360" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"NIST SP 800-171":["3.4.5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565085360" onclick="return openRuleDetailsDialog('idm45508565085360')">Disable debug-shell SystemD Service</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-banners" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-banners" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Warning Banners for System Accesses<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-banners");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gui_login_banner" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gui_login_banner" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners"><td colspan="3" style="padding-left: 76px">Implement a GUI Warning Banner<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gui_login_banner");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" id="rule-overview-leaf-idm45508565082672" data-tt-parent-id="xccdf_org.ssgproject.content_group_gui_login_banner" data-references='{"":["OS-SRG-000023-GPOS-00006"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86483r3_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-010030"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["1.7.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565082672" onclick="return openRuleDetailsDialog('idm45508565082672')">Enable GNOME3 Login Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" id="rule-overview-leaf-idm45508565078592" data-tt-parent-id="xccdf_org.ssgproject.content_group_gui_login_banner" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86485r3_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-010040"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)"],"CIS Recommendation":["1.7.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565078592" onclick="return openRuleDetailsDialog('idm45508565078592')">Set the GNOME3 Login Warning Banner Text</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-overview-leaf-idm45508565070608" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86487r2_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007"],"DISA STIG":["RHEL-07-010050"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["1.7.1.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565070608" onclick="return openRuleDetailsDialog('idm45508565070608')">Modify the System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-pam" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-pam" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Configuring PAM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-pam");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Lockouts for Failed Password Attempts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_locking_out_password_attempts");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" id="rule-overview-leaf-idm45508565058992" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86569r2_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010330"],"NIST SP 800-53":["AC-7(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565058992" onclick="return openRuleDetailsDialog('idm45508565058992')">Configure the root Account for Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" id="rule-overview-leaf-idm45508565055232" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-7(b)"],"CIS Recommendation":["5.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565055232" onclick="return openRuleDetailsDialog('idm45508565055232')">Set Lockout Time For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" id="rule-overview-leaf-idm45508565048304" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-53":["AC-7(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565048304" onclick="return openRuleDetailsDialog('idm45508565048304')">Set Interval For Counting Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" id="rule-overview-leaf-idm45508565043680" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-7(b)"],"CIS Recommendation":["5.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.6"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565043680" onclick="return openRuleDetailsDialog('idm45508565043680')">Set Deny For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Quality Requirements<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality_pwquality" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality"><td colspan="3" style="padding-left: 95px">Set Password Quality Requirements with pam_pwquality<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality_pwquality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" id="rule-overview-leaf-idm45508565039136" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86559r1_rule"],"DISA CCI":["CCI-000205"],"DISA SRG":["SRG-OS-000078-GPOS-00046"],"DISA STIG":["RHEL-07-010280"],"NIST SP 800-53":["IA-5(1)(a)"],"CIS Recommendation":["6.3.2"],"FBI CJIS":["5.6.2.1.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565039136" onclick="return openRuleDetailsDialog('idm45508565039136')">Set Password Minimum Length</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" id="rule-overview-leaf-idm45508565029904" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86531r2_rule"],"DISA CCI":["CCI-000194"],"DISA SRG":["SRG-OS-000071-GPOS-00039"],"DISA STIG":["RHEL-07-010140"],"NIST SP 800-53":["IA-5(1)(a)","IA-5(b)","IA-5(c)","194"],"CIS Recommendation":["6.3.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565029904" onclick="return openRuleDetailsDialog('idm45508565029904')">Set Password Strength Minimum Digit Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" id="rule-overview-leaf-idm45508565020624" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86533r1_rule"],"DISA CCI":["CCI-001619"],"DISA SRG":["SRG-OS-000266-GPOS-00101"],"DISA STIG":["RHEL-07-010150"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565020624" onclick="return openRuleDetailsDialog('idm45508565020624')">Set Password Strength Minimum Special Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" id="rule-overview-leaf-idm45508565016064" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86529r4_rule"],"DISA CCI":["CCI-000193"],"DISA SRG":["SRG-OS-000070-GPOS-00038"],"DISA STIG":["RHEL-07-010130"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565016064" onclick="return openRuleDetailsDialog('idm45508565016064')">Set Password Strength Minimum Lowercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" id="rule-overview-leaf-idm45508565011552" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86527r2_rule"],"DISA CCI":["CCI-000192"],"DISA SRG":["SRG-OS-000069-GPOS-00037"],"DISA STIG":["RHEL-07-010120"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"CIS Recommendation":["6.3.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565011552" onclick="return openRuleDetailsDialog('idm45508565011552')">Set Password Strength Minimum Uppercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" id="rule-overview-leaf-idm45508565007040" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87811r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00225"],"DISA STIG":["RHEL-07-010119"],"NIST SP 800-53":["CM-6(b)","IA-5(c)"],"CIS Recommendation":["6.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565007040" onclick="return openRuleDetailsDialog('idm45508565007040')">Set Password Retry Prompts Permitted Per-Session</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>System Accounting with <tt>auditd</tt></strong> <span class="badge">18x fail</span> <span class="badge">2x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px"><strong>Configure <tt>auditd</tt> Data Retention</strong> <span class="badge">2x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-overview-leaf-idm45508564982000" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86709r1_rule"],"DISA CCI":["CCI-001851"],"DISA SRG":["SRG-OS-000342-GPOS-00133"],"DISA STIG":["RHEL-07-030310"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564982000" onclick="return openRuleDetailsDialog('idm45508564982000')">Encrypt Audit Records Sent With audispd Plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" id="rule-overview-leaf-idm45508564979312" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86707r1_rule"],"DISA CCI":["CCI-001851"],"DISA SRG":["SRG-OS-000342-GPOS-00133"],"DISA STIG":["RHEL-07-030300"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564979312" onclick="return openRuleDetailsDialog('idm45508564979312')">Configure audispd Plugin To Send Logs To Remote Server</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" id="rule-overview-leaf-idm45508564976176" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"DISA CCI":["CCI-000136"],"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-1(b)","AU-3(2)","IR-5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(B)","164.308(a)(5)(ii)(C)","164.308(a)(6)(ii)","164.308(a)(8)","164.310(d)(2)(iii)","164.312(b)","164.314(a)(2)(i)(C)","164.314(a)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564976176" onclick="return openRuleDetailsDialog('idm45508564976176')">Configure auditd to use audispd's syslog plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditd_configure_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px"><strong>Configure <tt>auditd</tt> Rules for Comprehensive Auditing</strong> <span class="badge">18x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on Kernel Modules Loading and Unloading<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_kernel_module_loading");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" id="rule-overview-leaf-idm45508564947200" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86817r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030850"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564947200" onclick="return openRuleDetailsDialog('idm45508564947200')">Ensure auditd Collects Information on Kernel Module Unloading - rmmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" id="rule-overview-leaf-idm45508564941120" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86819r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030860"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564941120" onclick="return openRuleDetailsDialog('idm45508564941120')">Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobe</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-overview-leaf-idm45508564937360" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86813r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030830"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564937360" onclick="return openRuleDetailsDialog('idm45508564937360')">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" id="rule-overview-leaf-idm45508564931312" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86815r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030840"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564931312" onclick="return openRuleDetailsDialog('idm45508564931312')">Ensure auditd Collects Information on Kernel Module Loading - insmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-overview-leaf-idm45508564925808" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86811r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030820"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564925808" onclick="return openRuleDetailsDialog('idm45508564925808')">Ensure auditd Collects Information on Kernel Module Loading - init_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Attempts to Alter Logon and Logout Events<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_login_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-overview-leaf-idm45508564919776" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86771r2_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030620"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564919776" onclick="return openRuleDetailsDialog('idm45508564919776')">Record Attempts to Alter Logon and Logout Events - lastlog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-overview-leaf-idm45508564916048" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86769r3_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030610"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564916048" onclick="return openRuleDetailsDialog('idm45508564916048')">Record Attempts to Alter Logon and Logout Events - faillock</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-overview-leaf-idm45508564912368" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86767r2_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030600"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564912368" onclick="return openRuleDetailsDialog('idm45508564912368')">Record Attempts to Alter Logon and Logout Events - tallylog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_dac_actions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_dac_actions" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Events that Modify the System's Discretionary Access Controls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_dac_actions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-overview-leaf-idm45508564896816" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86723r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030380"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564896816" onclick="return openRuleDetailsDialog('idm45508564896816')">Record Events that Modify the System's Discretionary Access Controls - fchown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-overview-leaf-idm45508564893088" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86735r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030440"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564893088" onclick="return openRuleDetailsDialog('idm45508564893088')">Record Events that Modify the System's Discretionary Access Controls - setxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-overview-leaf-idm45508564889408" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86737r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030450"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564889408" onclick="return openRuleDetailsDialog('idm45508564889408')">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-overview-leaf-idm45508564885712" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86721r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030370"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564885712" onclick="return openRuleDetailsDialog('idm45508564885712')">Record Events that Modify the System's Discretionary Access Controls - chown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-overview-leaf-idm45508564882032" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86727r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030400"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564882032" onclick="return openRuleDetailsDialog('idm45508564882032')">Record Events that Modify the System's Discretionary Access Controls - fchownat</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-overview-leaf-idm45508564878352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86725r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030390"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564878352" onclick="return openRuleDetailsDialog('idm45508564878352')">Record Events that Modify the System's Discretionary Access Controls - lchown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-overview-leaf-idm45508564874672" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86729r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030410"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564874672" onclick="return openRuleDetailsDialog('idm45508564874672')">Record Events that Modify the System's Discretionary Access Controls - chmod</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-overview-leaf-idm45508564870992" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86741r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030470"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564870992" onclick="return openRuleDetailsDialog('idm45508564870992')">Record Events that Modify the System's Discretionary Access Controls - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-overview-leaf-idm45508564867296" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86743r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030480"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564867296" onclick="return openRuleDetailsDialog('idm45508564867296')">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-overview-leaf-idm45508564863584" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86739r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030460"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564863584" onclick="return openRuleDetailsDialog('idm45508564863584')">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-overview-leaf-idm45508564859888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86731r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030420"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564859888" onclick="return openRuleDetailsDialog('idm45508564859888')">Record Events that Modify the System's Discretionary Access Controls - fchmod</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-overview-leaf-idm45508564856208" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86745r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030490"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564856208" onclick="return openRuleDetailsDialog('idm45508564856208')">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-overview-leaf-idm45508564852496" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86733r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030430"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564852496" onclick="return openRuleDetailsDialog('idm45508564852496')">Record Events that Modify the System's Discretionary Access Controls - fchmodat</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run SELinux Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_selinux_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" id="rule-overview-leaf-idm45508564848816" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564848816" onclick="return openRuleDetailsDialog('idm45508564848816')">Record Any Attempts to Run seunshare</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" id="rule-overview-leaf-idm45508564844032" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86761r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030570"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564844032" onclick="return openRuleDetailsDialog('idm45508564844032')">Record Any Attempts to Run setsebool</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" id="rule-overview-leaf-idm45508564840352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86759r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030560"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564840352" onclick="return openRuleDetailsDialog('idm45508564840352')">Record Any Attempts to Run semanage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-overview-leaf-idm45508564836672" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86763r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030580"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564836672" onclick="return openRuleDetailsDialog('idm45508564836672')">Record Any Attempts to Run chcon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" id="rule-overview-leaf-idm45508564832992" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564832992" onclick="return openRuleDetailsDialog('idm45508564832992')">Record Any Attempts to Run restorecon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record File Deletion Events by User<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_deletion_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" id="rule-overview-leaf-idm45508564829312" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86827r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030900"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564829312" onclick="return openRuleDetailsDialog('idm45508564829312')">Ensure auditd Collects File Deletion Events by User - rmdir</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-overview-leaf-idm45508564825616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86831r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030920"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564825616" onclick="return openRuleDetailsDialog('idm45508564825616')">Ensure auditd Collects File Deletion Events by User - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-overview-leaf-idm45508564819568" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86823r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030880"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564819568" onclick="return openRuleDetailsDialog('idm45508564819568')">Ensure auditd Collects File Deletion Events by User - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-overview-leaf-idm45508564815824" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86825r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030890"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564815824" onclick="return openRuleDetailsDialog('idm45508564815824')">Ensure auditd Collects File Deletion Events by User - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-overview-leaf-idm45508564812112" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86829r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030910"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564812112" onclick="return openRuleDetailsDialog('idm45508564812112')">Ensure auditd Collects File Deletion Events by User - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_privileged_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px"><strong>Record Information on the Use of Privileged Commands</strong> <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-overview-leaf-idm45508564808416" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86773r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030630"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564808416" onclick="return openRuleDetailsDialog('idm45508564808416')">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564804720" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86785r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030690"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564804720" onclick="return openRuleDetailsDialog('idm45508564804720')">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" id="rule-overview-leaf-idm45508564801040" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564801040" onclick="return openRuleDetailsDialog('idm45508564801040')">Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-overview-leaf-idm45508564795616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86791r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030720"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564795616" onclick="return openRuleDetailsDialog('idm45508564795616')">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" id="rule-overview-leaf-idm45508564791888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564791888" onclick="return openRuleDetailsDialog('idm45508564791888')">Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-overview-leaf-idm45508564786464" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86779r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030660"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564786464" onclick="return openRuleDetailsDialog('idm45508564786464')">Ensure auditd Collects Information on the Use of Privileged Commands - chage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" id="rule-overview-leaf-idm45508564782736" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86781r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030670"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564782736" onclick="return openRuleDetailsDialog('idm45508564782736')">Ensure auditd Collects Information on the Use of Privileged Commands - userhelper</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" id="rule-overview-leaf-idm45508564779024" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564779024" onclick="return openRuleDetailsDialog('idm45508564779024')">Ensure auditd Collects Information on the Use of Privileged Commands - at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-overview-leaf-idm45508564773632" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86807r2_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030800"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564773632" onclick="return openRuleDetailsDialog('idm45508564773632')">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" id="rule-overview-leaf-idm45508564769888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86797r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030750"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564769888" onclick="return openRuleDetailsDialog('idm45508564769888')">Ensure auditd Collects Information on the Use of Privileged Commands - umount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-overview-leaf-idm45508564766192" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86775r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030640"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564766192" onclick="return openRuleDetailsDialog('idm45508564766192')">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" id="rule-overview-leaf-idm45508564762480" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564762480" onclick="return openRuleDetailsDialog('idm45508564762480')">Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-overview-leaf-idm45508564758784" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86803r2_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030780"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564758784" onclick="return openRuleDetailsDialog('idm45508564758784')">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564755072" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86793r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030730"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564755072" onclick="return openRuleDetailsDialog('idm45508564755072')">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" id="rule-overview-leaf-idm45508564751376" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564751376" onclick="return openRuleDetailsDialog('idm45508564751376')">Ensure auditd Collects Information on the Use of Privileged Commands - mount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" id="rule-overview-leaf-idm45508564748336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564748336" onclick="return openRuleDetailsDialog('idm45508564748336')">Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-overview-leaf-idm45508564745264" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86777r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030650"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564745264" onclick="return openRuleDetailsDialog('idm45508564745264')">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-overview-leaf-idm45508564739232" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86783r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030680"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564739232" onclick="return openRuleDetailsDialog('idm45508564739232')">Ensure auditd Collects Information on the Use of Privileged Commands - su</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-overview-leaf-idm45508564735504" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86789r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030710"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564735504" onclick="return openRuleDetailsDialog('idm45508564735504')">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px"><strong>Record Unauthorized Access Attempts Events to Files (unsuccessful)</strong> <span class="badge">9x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-overview-leaf-idm45508564731808" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564731808" onclick="return openRuleDetailsDialog('idm45508564731808')">Record Unsuccessul Delete Attempts to Files - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" id="rule-overview-leaf-idm45508564728736" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564728736" onclick="return openRuleDetailsDialog('idm45508564728736')">Record Unsuccessul Permission Changes to Files - chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564725664" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564725664" onclick="return openRuleDetailsDialog('idm45508564725664')">Record Unauthorized Modification Attempts to Files - open O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" id="rule-overview-leaf-idm45508564722560" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564722560" onclick="return openRuleDetailsDialog('idm45508564722560')">Record Unsuccessul Ownership Changes to Files - fchownat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564719456" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564719456" onclick="return openRuleDetailsDialog('idm45508564719456')">Record Unauthorized Creation Attempts to Files - openat O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" id="rule-overview-leaf-idm45508564716352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564716352" onclick="return openRuleDetailsDialog('idm45508564716352')">Record Unsuccessul Ownership Changes to Files - lchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-overview-leaf-idm45508564713280" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86755r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030540"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564713280" onclick="return openRuleDetailsDialog('idm45508564713280')">Record Unauthorized Access Attempts to Files (unsuccessful) - truncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" id="rule-overview-leaf-idm45508564709568" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564709568" onclick="return openRuleDetailsDialog('idm45508564709568')">Record Unsuccessul Permission Changes to Files - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" id="rule-overview-leaf-idm45508564706480" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564706480" onclick="return openRuleDetailsDialog('idm45508564706480')">Record Unsuccessul Ownership Changes to Files - chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" id="rule-overview-leaf-idm45508564703408" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564703408" onclick="return openRuleDetailsDialog('idm45508564703408')">Record Unsuccessul Ownership Changes to Files - fchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" id="rule-overview-leaf-idm45508564700336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564700336" onclick="return openRuleDetailsDialog('idm45508564700336')">Record Unsuccessul Permission Changes to Files - fchmodat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" id="rule-overview-leaf-idm45508564697264" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564697264" onclick="return openRuleDetailsDialog('idm45508564697264')">Record Unsuccessul Permission Changes to Files - setxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" id="rule-overview-leaf-idm45508564694192" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564694192" onclick="return openRuleDetailsDialog('idm45508564694192')">Record Unsuccessul Permission Changes to Files - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-overview-leaf-idm45508564691104" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86747r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030500"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564691104" onclick="return openRuleDetailsDialog('idm45508564691104')">Record Unauthorized Access Attempts to Files (unsuccessful) - creat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564687392" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564687392" onclick="return openRuleDetailsDialog('idm45508564687392')">Record Unauthorized Creation Attempts to Files - open O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" id="rule-overview-leaf-idm45508564684304" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564684304" onclick="return openRuleDetailsDialog('idm45508564684304')">Record Unsuccessul Permission Changes to Files - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-overview-leaf-idm45508564681216" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564681216" onclick="return openRuleDetailsDialog('idm45508564681216')">Record Unsuccessul Delete Attempts to Files - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" id="rule-overview-leaf-idm45508564678144" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564678144" onclick="return openRuleDetailsDialog('idm45508564678144')">Record Unsuccessul Permission Changes to Files - fsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564675072" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564675072" onclick="return openRuleDetailsDialog('idm45508564675072')">Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564671968" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564671968" onclick="return openRuleDetailsDialog('idm45508564671968')">Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-overview-leaf-idm45508564668864" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86749r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030510"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564668864" onclick="return openRuleDetailsDialog('idm45508564668864')">Record Unauthorized Access Attempts to Files (unsuccessful) - open</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" id="rule-overview-leaf-idm45508564665152" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564665152" onclick="return openRuleDetailsDialog('idm45508564665152')">Record Unsuccessul Permission Changes to Files - lsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564662080" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564662080" onclick="return openRuleDetailsDialog('idm45508564662080')">Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-overview-leaf-idm45508564658976" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86753r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030530"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564658976" onclick="return openRuleDetailsDialog('idm45508564658976')">Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-overview-leaf-idm45508564655232" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86757r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030550"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564655232" onclick="return openRuleDetailsDialog('idm45508564655232')">Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564651520" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564651520" onclick="return openRuleDetailsDialog('idm45508564651520')">Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-overview-leaf-idm45508564648400" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564648400" onclick="return openRuleDetailsDialog('idm45508564648400')">Record Unsuccessul Delete Attempts to Files - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564645328" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564645328" onclick="return openRuleDetailsDialog('idm45508564645328')">Record Unauthorized Modification Attempts to Files - openat O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" id="rule-overview-leaf-idm45508564639872" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564639872" onclick="return openRuleDetailsDialog('idm45508564639872')">Record Unsuccessul Permission Changes to Files - fchmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564636752" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564636752" onclick="return openRuleDetailsDialog('idm45508564636752')">Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-overview-leaf-idm45508564633616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86751r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030520"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564633616" onclick="return openRuleDetailsDialog('idm45508564633616')">Record Unauthorized Access Attempts to Files (unsuccessful) - openat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-overview-leaf-idm45508564629904" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564629904" onclick="return openRuleDetailsDialog('idm45508564629904')">Record Unsuccessul Delete Attempts to Files - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-overview-leaf-idm45508564626832" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86787r4_rule"],"DISA CCI":["CCI-000126","CCI-000130","CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030700"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(7)(b)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","iAU-3(1)","AU-12(a)","AU-12(c)","IR-5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.2","Req-10.2.5.b"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564626832" onclick="return openRuleDetailsDialog('idm45508564626832')">Ensure auditd Collects System Administrator Actions</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564618416" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564618416" onclick="return openRuleDetailsDialog('idm45508564618416')">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564615312" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564615312" onclick="return openRuleDetailsDialog('idm45508564615312')">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564612256" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564612256" onclick="return openRuleDetailsDialog('idm45508564612256')">Record Events that Modify User/Group Information via open syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-overview-leaf-idm45508564609216" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564609216" onclick="return openRuleDetailsDialog('idm45508564609216')">Record Attempts to Alter Process and Session Initiation Information</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564605536" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564605536" onclick="return openRuleDetailsDialog('idm45508564605536')">Record Events that Modify User/Group Information via openat syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_immutable" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-overview-leaf-idm45508564602496" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.3.1","3.4.3"],"NIST SP 800-53":["AC-6","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","IR-5"],"CIS Recommendation":["4.1.18"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.310(a)(2)(iv)","164.312(d)","164.310(d)(2)(iii)","164.312(b)","164.312(e)"],"PCI-DSS Requirement":["Req-10.5.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564602496" onclick="return openRuleDetailsDialog('idm45508564602496')">Make the auditd Configuration Immutable</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564598848" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564598848" onclick="return openRuleDetailsDialog('idm45508564598848')">Record Events that Modify User/Group Information via open syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-overview-leaf-idm45508564595808" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87823r3_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030873"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564595808" onclick="return openRuleDetailsDialog('idm45508564595808')">Record Events that Modify User/Group Information - /etc/shadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564592096" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564592096" onclick="return openRuleDetailsDialog('idm45508564592096')">Record Events that Modify User/Group Information via openat syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_directory_access_var_log_audit" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564589056" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564589056" onclick="return openRuleDetailsDialog('idm45508564589056')">Record Access Events to Audit Log directory</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-overview-leaf-idm45508564579552" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87825r4_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030874"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564579552" onclick="return openRuleDetailsDialog('idm45508564579552')">Record Events that Modify User/Group Information - /etc/security/opasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-overview-leaf-idm45508564575792" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.7"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564575792" onclick="return openRuleDetailsDialog('idm45508564575792')">Record Events that Modify the System's Mandatory Access Controls</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-overview-leaf-idm45508564567392" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87819r3_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030872"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564567392" onclick="return openRuleDetailsDialog('idm45508564567392')">Record Events that Modify User/Group Information - /etc/gshadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-overview-leaf-idm45508564563632" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86821r4_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000476-GPOS-00221"],"DISA STIG":["RHEL-07-030870"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564563632" onclick="return openRuleDetailsDialog('idm45508564563632')">Record Events that Modify User/Group Information - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-overview-leaf-idm45508564559920" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87817r2_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030871"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564559920" onclick="return openRuleDetailsDialog('idm45508564559920')">Record Events that Modify User/Group Information - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" id="rule-overview-leaf-idm45508564556224" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references="{}"><td style="padding-left: 57px"><a href="#rule-detail-idm45508564556224" onclick="return openRuleDetailsDialog('idm45508564556224')">Extend Audit Backlog Limit for the Audit Daemon</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="rule-overview-leaf-idm45508564553184" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references='{"DISA CCI":["CCI-001464","CCI-000130"],"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AC-17(1)","AU-14(1)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-10","IR-5"],"CIS Recommendation":["4.1.3"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(C)","164.310(a)(2)(iv)","164.310(d)(2)(iii)","164.312(b)"],"PCI-DSS Requirement":["Req-10.3"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508564553184" onclick="return openRuleDetailsDialog('idm45508564553184')">Enable Auditing for Processes Which Start Prior to the Audit Daemon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_auditd_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_auditd_enabled" id="rule-overview-leaf-idm45508564547792" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86703r2_rule"],"DISA CCI":["CCI-000126","CCI-000131"],"DISA SRG":["SRG-OS-000038-GPOS-00016","SRG-OS-000039-GPOS-00017","SRG-OS-000042-GPOS-00021","SRG-OS-000254-GPOS-00095","SRG-OS-000255-GPOS-00096"],"DISA STIG":["RHEL-07-030000"],"NIST SP 800-171":["3.3.1","3.3.2","3.3.6"],"NIST SP 800-53":["AU-3","AC-17(1)","AU-1(b)","AU-10","AU-12(a)","AU-12(c)","AU-14(1)","IR-5"],"CIS Recommendation":["4.1.2"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(C)","164.310(a)(2)(iv)","164.310(d)(2)(iii)","164.312(b)"],"PCI-DSS Requirement":["Req-10"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508564547792" onclick="return openRuleDetailsDialog('idm45508564547792')">Enable auditd Service</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>File Permissions and Masks</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Programs from Dangerous Execution Patterns<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_poisoning" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_poisoning" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Memory Poisoning<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_poisoning");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" id="rule-overview-leaf-idm45508564487008" data-tt-parent-id="xccdf_org.ssgproject.content_group_poisoning" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564487008" onclick="return openRuleDetailsDialog('idm45508564487008')">Enable SLUB/SLAB allocator poisoning</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" id="rule-overview-leaf-idm45508564483920" data-tt-parent-id="xccdf_org.ssgproject.content_group_poisoning" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564483920" onclick="return openRuleDetailsDialog('idm45508564483920')">Enable page allocator poisoning</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_enable_execshield_settings" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_enable_execshield_settings" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Enable ExecShield<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_enable_execshield_settings");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" id="rule-overview-leaf-idm45508564471392" data-tt-parent-id="xccdf_org.ssgproject.content_group_enable_execshield_settings" data-references='{"ANSSI":["NT28(R23)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564471392" onclick="return openRuleDetailsDialog('idm45508564471392')">Restrict exposed kernel pointers addresses access</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" id="rule-overview-leaf-idm45508564463584" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564463584" onclick="return openRuleDetailsDialog('idm45508564463584')">Disable kernel image loading</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" id="rule-overview-leaf-idm45508564460496" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564460496" onclick="return openRuleDetailsDialog('idm45508564460496')">Disable vsyscalls</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" id="rule-overview-leaf-idm45508564457472" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564457472" onclick="return openRuleDetailsDialog('idm45508564457472')">Restrict usage of ptrace to descendant processes</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" id="rule-overview-leaf-idm45508564454432" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references='{"DISA CCI":["CCI-001314"],"NIST SP 800-171":["3.1.5"],"NIST SP 800-53":["SI-11"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564454432" onclick="return openRuleDetailsDialog('idm45508564454432')">Restrict Access to Kernel Message Buffer</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_partitions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_partitions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px"><strong>Restrict Partition Mount Options</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564450752" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.17"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564450752" onclick="return openRuleDetailsDialog('idm45508564450752')">Add noexec Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" id="rule-overview-leaf-idm45508564423856" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.16"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564423856" onclick="return openRuleDetailsDialog('idm45508564423856')">Add nosuid Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" id="rule-overview-leaf-idm45508564414896" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.15"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564414896" onclick="return openRuleDetailsDialog('idm45508564414896')">Add nodev Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr></tbody></table></div><div class="js-only hidden-print"><button type="button" class="btn btn-info" onclick="return toggleResultDetails(this)">Show all result details</button></div><div id="result-details"><h2>Result Details</h2><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" id="rule-detail-idm45508566493920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SSSD's Memory Cache to Expirexccdf_org.ssgproject.content_rule_sssd_memcache_timeout mediumCCE-80364-3 </div><div class="panel-heading"><h3 class="panel-title">Configure SSSD's Memory Cache to Expire</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sssd_memcache_timeout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80364-3">CCE-80364-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002007</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(10)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(13)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000383-GPOS-00166</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSSD's memory cache should be configured to set to expire records after 1 day. >To configure SSSD to expire memory cache, set <code>memcache_timeout</code> to ><code>86400</code> under the <code>[nss]</code> section in <code>/etc/sssd/sssd.conf</code>. >For example: ><pre>[nss] >memcache_timeout = 86400 ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If cached authentication information is out-of-date, the validity of the >authentication information may be questionable.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" id="rule-detail-idm45508566487888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SSSD to Expire Offline Credentialsxccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration mediumCCE-80365-0 </div><div class="panel-heading"><h3 class="panel-title">Configure SSSD to Expire Offline Credentials</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80365-0">CCE-80365-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002007</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(13)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000383-GPOS-00166</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSSD should be configured to expire offline credentials after 1 day. >To configure SSSD to expire offline credentials, set ><code>offline_credentials_expiration</code> to <code>1</code> under the <code>[pam]</code> >section in <code>/etc/sssd/sssd.conf</code>. For example: ><pre>[pam] >offline_credentials_expiration = 1 ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If cached authentication information is out-of-date, the validity of the >authentication information may be questionable.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_abrt_removed" id="rule-detail-idm45508566462288"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall Automatic Bug Reporting Tool (abrt)xccdf_org.ssgproject.content_rule_package_abrt_removed unknown</div><div class="panel-heading"><h3 class="panel-title">Uninstall Automatic Bug Reporting Tool (abrt)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_abrt_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The Automatic Bug Reporting Tool (<code>abrt</code>) collects >and reports crash data when an application crash is detected. Using a variety >of plugins, abrt can email crash reports to system administrators, log crash >reports to files, or forward crash reports to a centralized issue tracking >system such as RHTSupport. >The <code>abrt</code> package can be removed with the following command: ><pre> >$ sudo yum erase abrt</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Mishandling crash data could expose sensitive information about >vulnerabilities in software executing on the system, as well as sensitive >information from within a process's address space or registers.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_sendmail_removed" id="rule-detail-idm45508566390816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall Sendmail Packagexccdf_org.ssgproject.content_rule_package_sendmail_removed mediumCCE-80288-4 </div><div class="panel-heading"><h3 class="panel-title">Uninstall Sendmail Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_sendmail_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80288-4">CCE-80288-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Sendmail is not the default mail transfer agent and is >not installed by default. >The <code>sendmail</code> package can be removed with the following command: ><pre> >$ sudo yum erase sendmail</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The sendmail software was not developed with security in mind and >its design prevents it from being effectively contained by SELinux. Postfix >should be used instead.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-detail-idm45508566299216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for User Known Hostsxccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts mediumCCE-80372-6 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for User Known Hosts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80372-6">CCE-80372-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040380</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86873r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can allow system users user host-based authentication to connect >to systems if a cache of the remote systems public keys are available. >This should be disabled. ><br><br> >To ensure this behavior is disabled, add or correct the >following line in <code>/etc/ssh/sshd_config</code>: ><pre>IgnoreUserKnownHosts yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional >assurance that remove login via SSH will require a password, even >in the event of misconfiguration elsewhere.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-detail-idm45508566294672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Access via Empty Passwordsxccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords highCCE-27471-2 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Access via Empty Passwords</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27471-2">CCE-27471-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010300</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86563r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To explicitly disallow SSH login from accounts with >empty passwords, add or correct the following line in <code>/etc/ssh/sshd_config</code>: ><br> ><pre>PermitEmptyPasswords no</pre> ><br> >Any accounts with empty passwords should be disabled immediately, and PAM configuration >should prevent users from being able to assign themselves empty passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional assurance that >remote login via SSH will require a password, even in the event of >misconfiguration elsewhere.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" id="rule-detail-idm45508566287856"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for Rhosts RSA Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa mediumCCE-80373-4 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for Rhosts RSA Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80373-4">CCE-80373-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040330</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86863r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can allow authentication through the obsolete rsh >command through the use of the authenticating user's SSH keys. This should be disabled. ><br><br> >To ensure this behavior is disabled, add or correct the >following line in <code>/etc/ssh/sshd_config</code>: ><pre>RhostsRSAAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional >assurance that remove login via SSH will require a password, even >in the event of misconfiguration elsewhere.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > As of <code>openssh-server</code> version <code>7.4</code> and above, >the <code>RhostsRSAAuthentication</code> option has been deprecated, and the line ><pre>RhostsRSAAuthentication no</pre> in <code>/etc/ssh/sshd_config</code> is not >necessary.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-detail-idm45508566280992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable SSH Warning Bannerxccdf_org.ssgproject.content_rule_sshd_enable_warning_banner mediumCCE-27314-4 </div><div class="panel-heading"><h3 class="panel-title">Enable SSH Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27314-4">CCE-27314-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040170</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86849r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000050</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001384</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001385</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001386</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001387</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001388</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To enable the warning banner and ensure it is consistent >across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code>: ><pre>Banner /etc/issue</pre> >Another section contains information on how to create an >appropriate system-wide warning banner.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The warning message reinforces policy awareness during the logon process and >facilitates possible legal action against attackers. Alternatively, systems >whose ownership should not be obvious should ensure usage of a banner that does >not provide easy attribution.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" id="rule-detail-idm45508566271728"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Kerberos Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth mediumCCE-80221-5 </div><div class="panel-heading"><h3 class="panel-title">Disable Kerberos Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80221-5">CCE-80221-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86885r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000364-GPOS-00151</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Unless needed, SSH should not permit extraneous or unnecessary >authentication mechanisms like Kerberos. To disable Kerberos authentication, add >or correct the following line in the <code>/etc/ssh/sshd_config</code> file: ><pre>KerberosAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Kerberos authentication for SSH is often implemented using GSSAPI. If Kerberos >is enabled through SSH, the SSH daemon provides a means of access to the >system's Kerberos implementation. Vulnerabilities in the system's Kerberos >implementations may be subject to exploitation.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" id="rule-detail-idm45508566264864"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for .rhosts Filesxccdf_org.ssgproject.content_rule_sshd_disable_rhosts mediumCCE-27377-1 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for .rhosts Files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_rhosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27377-1">CCE-27377-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040350</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86867r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.6</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can emulate the behavior of the obsolete rsh >command in allowing users to enable insecure access to their >accounts via <code>.rhosts</code> files. ><br><br> >To ensure this behavior is disabled, add or correct the >following line in <code>/etc/ssh/sshd_config</code>: ><pre>IgnoreRhosts yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>SSH trust relationships mean a compromise on one host >can allow an attacker to move trivially to other hosts.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_host_auth" id="rule-detail-idm45508566251520"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Host-Based Authenticationxccdf_org.ssgproject.content_rule_disable_host_auth mediumCCE-27413-4 </div><div class="panel-heading"><h3 class="panel-title">Disable Host-Based Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_host_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27413-4">CCE-27413-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010470</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86583r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.7</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH's cryptographic host-based authentication is >more secure than <code>.rhosts</code> authentication. However, it is >not recommended that hosts unilaterally trust one another, even >within an organization. ><br><br> >To disable host-based authentication, add or correct the >following line in <code>/etc/ssh/sshd_config</code>: ><pre>HostbasedAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>SSH trust relationships mean a compromise on one host >can allow an attacker to move trivially to other hosts.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" id="rule-detail-idm45508566234048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GSSAPI Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth mediumCCE-80220-7 </div><div class="panel-heading"><h3 class="panel-title">Disable GSSAPI Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80220-7">CCE-80220-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040430</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86883r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000364-GPOS-00151</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Unless needed, SSH should not permit extraneous or unnecessary >authentication mechanisms like GSSAPI. To disable GSSAPI authentication, add or >correct the following line in the <code>/etc/ssh/sshd_config</code> file: ><pre>GSSAPIAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>GSSAPI authentication is used to provide additional authentication mechanisms to >applications. Allowing GSSAPI authentication through SSH exposes the system's >GSSAPI to remote hosts, increasing the attack surface of the system.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-detail-idm45508566227184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Root Loginxccdf_org.ssgproject.content_rule_sshd_disable_root_login mediumCCE-27445-6 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Root Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_root_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27445-6">CCE-27445-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040370</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86871r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(5)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The root user should never be allowed to login to a >system directly over a network. >To disable root login via SSH, add or correct the following line >in <code>/etc/ssh/sshd_config</code>: ><pre>PermitRootLogin no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Even though the communications channel may be encrypted, an additional layer of >security is gained by extending the policy of not logging directly on as root. >In addition, logging in with a user-specific account provides individual >accountability of actions performed on the system and also helps to minimize >direct attack attempts on root's password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_installed_OS_is_certified" id="rule-detail-idm45508566184240"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->The Installed Operating System Is Vendor Supported and Certifiedxccdf_org.ssgproject.content_rule_installed_OS_is_certified highCCE-80349-4 </div><div class="panel-heading"><h3 class="panel-title">The Installed Operating System Is Vendor Supported and Certified</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_installed_OS_is_certified</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80349-4">CCE-80349-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020250</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86621r2_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The installed operating system must be maintained and certified by a vendor. >Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise >Linux vendor, Red Hat, Inc. is responsible for providing security patches as well >as meeting and maintaining goverment certifications and standards.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>An operating system is considered "supported" if the vendor continues to provide >security patches for the product as well as maintain government certification requirements. >With an unsupported release, it will not be possible to resolve security issue discovered in >the system software as well as meet government certifications.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" id="rule-detail-idm45508566178768"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable FIPS Mode in GRUB2xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode highCCE-80359-3 </div><div class="panel-heading"><h3 class="panel-title">Enable FIPS Mode in GRUB2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80359-3">CCE-80359-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-021350</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86691r3_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000068</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002450</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000033-GPOS-00014</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000396-GPOS-00176</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000478-GPOS-00223</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure FIPS mode is enabled, install package <code>dracut-fips</code>, and rebuild <code>initramfs</code> by running the following commands: ><pre> >$ sudo yum install dracut-fips >dracut -f</pre> >After the <code>dracut</code> command has been run, add the argument <code>fips=1</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 fips=1"</pre> >Finally, rebuild the <code>grub.cfg</code> file by using the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to >protect data. The operating system must implement cryptographic modules adhering to the higher >standards approved by the federal government since this provides assurance they have been tested >and validated.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Running <pre>dracut -f</pre> will overwrite the existing initramfs file.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > The ability to enable FIPS does not denote FIPS compliancy or certification. >Red Hat, Inc. and Red Hat Enterprise Linux are respectively FIPS certified and compliant. Community >projects such as CentOS, Scientific Linux, etc. do not necessarily meet FIPS certification and compliancy. >Therefore, non-certified vendors and/or projects do not meet this requirement even if technically feasible. ><br><br> >See <b><a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm">http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm</a></b> >for a list of FIPS certified vendors.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rpm_verify_hashes" id="rule-detail-idm45508566144880"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify File Hashes with RPMxccdf_org.ssgproject.content_rule_rpm_verify_hashes highCCE-27157-7 </div><div class="panel-heading"><h3 class="panel-title">Verify File Hashes with RPM</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rpm_verify_hashes</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27157-7">CCE-27157-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010020</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86479r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.6</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000663</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-11.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Without cryptographic integrity protections, system >executables and files can be altered by unauthorized users without >detection. >The RPM package management system can check the hashes of >installed software packages, including many that are important to system >security. >To verify that the cryptographic hash of system files and commands match vendor >values, run the following command to list which files on the system >have hashes that differ from what is expected by the RPM database: ><pre>$ rpm -Va | grep '^..5'</pre> >A "c" in the second column indicates that a file is a configuration file, which >may appropriately be expected to change. If the file was not expected to >change, investigate the cause of the change using audit logs or other means. >The package can then be reinstalled to restore the file. >Run the following command to determine which package owns the file: ><pre>$ rpm -qf <i>FILENAME</i></pre> >The package can be reinstalled from a yum repository using the command: ><pre>$ sudo yum reinstall <i>PACKAGENAME</i></pre> >Alternatively, the package can be reinstalled from trusted media using the command: ><pre>$ sudo rpm -Uvh <i>PACKAGENAME</i></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The hashes of important files like system executables should match the >information given by the RPM database. Executables with erroneous hashes could >be a sign of nefarious activity on the system.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-detail-idm45508566122224"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled For All Yum Package Repositoriesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled highCCE-26876-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled For All Yum Package Repositories</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26876-3">CCE-26876-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="">366</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure signature checking is not disabled for >any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: ><pre>gpgcheck=0</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Verifying the authenticity of the software prior to installation >validates the integrity of the patch or upgrade received from >a vendor. This ensures the software has not been tampered with and >that it has been provided by a trusted vendor. Self-signed >certificates are disallowed by this requirement. Certificates >used to verify the software must be from an approved Certificate >Authority (CA).</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_security_patches_up_to_date" id="rule-detail-idm45508566118496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Software Patches Installedxccdf_org.ssgproject.content_rule_security_patches_up_to_date highCCE-26895-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure Software Patches Installed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_security_patches_up_to_date</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26895-3">CCE-26895-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020260</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86623r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p> >If the system is joined to the Red Hat Network, a Red Hat Satellite Server, >or a yum server, run the following command to install updates: ><pre>$ sudo yum update</pre> >If the system is not configured to use one of these sources, updates (in the form of RPM packages) >can be manually downloaded from the Red Hat Network and installed using <code>rpm</code>. > ><br><br> >NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy >dictates.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Installing software updates is a fundamental mitigation against >the exploitation of publicly-known vulnerabilities. If the most >recent security patches and updates are not installed, unauthorized >users may take advantage of weaknesses in the unpatched software. The >lack of prompt attention to patching could result in a system compromise.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> > <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">None of the check-content-ref elements was resolvable.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-detail-idm45508566114448"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Red Hat GPG Key Installedxccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed highCCE-26957-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure Red Hat GPG Key Installed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26957-1">CCE-26957-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.3</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="">366</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure the system can cryptographically verify base software >packages come from Red Hat (and to connect to the Red Hat Network to >receive them), the Red Hat GPG key must properly be installed. >To install the Red Hat GPG key, run: ><pre>$ sudo subscription-manager register</pre> >If the system is not connected to the Internet or an RHN Satellite, >then install the Red Hat GPG key from trusted media such as >the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted >in <code>/media/cdrom</code>, use the following command as the root user to import >it into the keyring: ><pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to software components can have significant effects on the >overall security of the operating system. This requirement ensures >the software has not been tampered with and that it has been provided >by a trusted vendor. The Red Hat GPG key is necessary to >cryptographically verify packages are from Red Hat.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-detail-idm45508566106048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled In Main Yum Configurationxccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated highCCE-26989-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled In Main Yum Configuration</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26989-4">CCE-26989-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020050</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86601r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000366-GPOS-00153</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>gpgcheck</code> option controls whether >RPM packages' signatures are always checked prior to installation. >To configure yum to check package signatures before installing >them, ensure the following line appears in <code>/etc/yum.conf</code> in >the <code>[main]</code> section: ><pre>gpgcheck=1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to any software components can have significant effects on the overall security >of the operating system. This requirement ensures the software has not been tampered with >and that it has been provided by a trusted vendor. ><br> >Accordingly, patches, service packs, device drivers, or operating system components must >be signed with a certificate recognized and approved by the organization. ><br> >Verifying the authenticity of the software prior to installation >validates the integrity of the patch or upgrade received from >a vendor. This ensures the software has not been tampered with and >that it has been provided by a trusted vendor. Self-signed >certificates are disallowed by this requirement. Certificates >used to verify the software must be from an approved Certificate >Authority (CA).</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-detail-idm45508566102320"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled for Local Packagesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages highCCE-80347-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled for Local Packages</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80347-8">CCE-80347-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020060</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86603r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000366-GPOS-00153</a></p></td></tr><tr><td>Description</td><td><div class="description"><p><code>Yum</code> should be configured to verify the signature(s) of local packages >prior to installation. To configure <code>yum</code> to verify signatures of local >packages, set the <code>localpkg_gpgcheck</code> to <code>1</code> in <code>/etc/yum.conf</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to any software components can have significant effects to the overall security >of the operating system. This requirement ensures the software has not been tampered and >has been provided by a trusted vendor. ><br><br> >Accordingly, patches, service packs, device drivers, or operating system components must >be signed with a certificate recognized and approved by the organization.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" id="rule-detail-idm45508566095152"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Users Cannot Change GNOME3 Session Idle Settingsxccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks mediumCCE-80544-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure Users Cannot Change GNOME3 Session Idle Settings</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80544-0">CCE-80544-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010082</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87809r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-00029-GPOS-0010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If not already configured, ensure that users cannot change GNOME3 session idle settings >by adding <code>/org/gnome/desktop/session/idle-delay</code> >to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/session/idle-delay</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate >physical vicinity of the information system but does not logout because of the temporary nature of the absence. >Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, >GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the >session lock. As such, users should not be allowed to change session settings.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" id="rule-detail-idm45508566091472"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set GNOME3 Screensaver Lock Delay After Activation Periodxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay mediumCCE-80370-0 </div><div class="panel-heading"><h3 class="panel-title">Set GNOME3 Screensaver Lock Delay After Activation Period</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80370-0">CCE-80370-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010110</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86525r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="">OS-SRG-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate the locking delay of the screensaver in the GNOME3 desktop when >the screensaver is activated, add or set <code>lock-delay</code> to <code>uint32 <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_screensaver_lock_delay">0</abbr></code> in ><code>/etc/dconf/db/local.d/00-security-settings</code>. For example: ><pre>[org/gnome/desktop/screensaver] >lock-delay=uint32 <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_screensaver_lock_delay">0</abbr> ></pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/lock-delay</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity >of the information system but does not want to logout because of the temporary nature of the absense.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" id="rule-detail-idm45508566086944"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Full User Name on Splash Shieldxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info unknownCCE-80114-2 </div><div class="panel-heading"><h3 class="panel-title">Disable Full User Name on Splash Shield</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80114-2">CCE-80114-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>By default when the screen is locked, the splash shield will show the user's >full name. This should be disabled to prevent casual observers from seeing >who has access to the system. This can be disabled by adding or setting ><code>show-full-name-in-top-bar</code> to <code>false</code> in ><code>/etc/dconf/db/local.d/00-security-settings</code>. For example: ><pre>[org/gnome/desktop/screensaver] >show-full-name-in-top-bar=false ></pre> >Once the settings have been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/show-full-name-in-top-bar</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the splash screen to not reveal the logged in user's name >conceals who has access to the system from passersby.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" id="rule-detail-idm45508566083264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Users Cannot Change GNOME3 Screensaver Settingsxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks mediumCCE-80371-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure Users Cannot Change GNOME3 Screensaver Settings</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80371-8">CCE-80371-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010081</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87807r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-00029-GPOS-0010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If not already configured, ensure that users cannot change GNOME3 screensaver lock settings >by adding <code>/org/gnome/desktop/screensaver/lock-delay</code> >to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/lock-delay</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate >physical vicinity of the information system but does not logout because of the temporary nature of the absence. >Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, >GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the >session lock. As such, users should not be allowed to change session settings.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" id="rule-detail-idm45508566077824"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Screensaver Idle Activationxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled mediumCCE-80111-8 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Screensaver Idle Activation</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80111-8">CCE-80111-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010100</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86523r3_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate the screensaver in the GNOME3 desktop after a period of inactivity, >add or set <code>idle-activation-enabled</code> to <code>true</code> in ><code>/etc/dconf/db/local.d/00-security-settings</code>. For example: ><pre>[org/gnome/desktop/screensaver] >idle_activation_enabled=true</pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate >physical vicinity of the information system but does not logout because of the temporary nature of the absence. >Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, >GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the >session lock. ><br><br> >Enabling idle activation of the screensaver ensures the screensaver will >be activated after the idle delay. Applications requiring continuous, >real-time screen display (such as network management products) require the >login session does not have administrator rights and the display station is located in a >controlled-access area.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" id="rule-detail-idm45508566070608"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set GNOME3 Screensaver Inactivity Timeoutxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay mediumCCE-80110-0 </div><div class="panel-heading"><h3 class="panel-title">Set GNOME3 Screensaver Inactivity Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80110-0">CCE-80110-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010070</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86517r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The idle time-out value for inactivity in the GNOME3 desktop is configured via the <code>idle-delay</code> >setting must be set under an appropriate configuration file(s) in the <code>/etc/dconf/db/local.d</code> directory >and locked in <code>/etc/dconf/db/local.d/locks</code> directory to prevent user modification. ><br><br> >For example, to configure the system for a 15 minute delay, add the following to ><code>/etc/dconf/db/local.d/00-security-settings</code>: ><pre>[org/gnome/desktop/session] >idle-delay='uint32 900'</pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/session/idle-delay</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from >the immediate physical vicinity of the information system but does not logout because of the >temporary nature of the absence. Rather than relying on the user to manually lock their operating >system session prior to vacating the vicinity, GNOME3 can be configured to identify when >a user's session has idled and take action to initiate a session lock.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" id="rule-detail-idm45508566061968"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Implement Blank Screensaverxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank unknownCCE-80113-4 </div><div class="panel-heading"><h3 class="panel-title">Implement Blank Screensaver</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80113-4">CCE-80113-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000060</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the screensaver mode in the GNOME3 desktop to a blank screen, >add or set <code>picture-uri</code> to <code>string ''</code> in ><code>/etc/dconf/db/local.d/00-security-settings</code>. For example: ><pre>[org/gnome/desktop/screensaver] >picture-uri='' ></pre> >Once the settings have been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/picture-uri</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the screensaver mode to blank-only conceals the >contents of the display from passersby.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" id="rule-detail-idm45508566056496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Screensaver Lock After Idle Periodxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled mediumCCE-80112-6 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Screensaver Lock After Idle Period</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80112-6">CCE-80112-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010060</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86515r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000028-GPOS-00009</a>, <a href="">OS-SRG-000030-GPOS-00011</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate locking of the screensaver in the GNOME3 desktop when it is activated, >add or set <code>lock-enabled</code> to <code>true</code> in ><code>/etc/dconf/db/local.d/00-security-settings</code>. For example: ><pre>[org/gnome/desktop/screensaver] >lock-enabled=true ></pre> >Once the settings have been added, add a lock to ><code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/desktop/screensaver/lock-enabled</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity >of the information system but does not want to logout because of the temporary nature of the absense.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-detail-idm45508566020928"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GDM Automatic Loginxccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login highCCE-80104-3 </div><div class="panel-heading"><h3 class="panel-title">Disable GDM Automatic Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80104-3">CCE-80104-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86577r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The GNOME Display Manager (GDM) can allow users to automatically login without >user interaction or credentials. User should always be required to authenticate themselves >to the system that they are authorized to use. To disable user ability to automatically >login to the system, set the <code>AutomaticLoginEnable</code> to <code>false</code> in the ><code>[daemon]</code> section in <code>/etc/gdm/custom.conf</code>. For example: ><pre>[daemon] >AutomaticLoginEnable=false</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Failure to restrict system access to authenticated users negatively impacts operating >system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" id="rule-detail-idm45508566017200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the GNOME3 Login Number of Failuresxccdf_org.ssgproject.content_rule_dconf_gnome_login_retries mediumCCE-80109-2 </div><div class="panel-heading"><h3 class="panel-title">Set the GNOME3 Login Number of Failures</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80109-2">CCE-80109-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, the GNOME3 login >screen and be configured to restart the authentication process after >a configured number of attempts. This can be configured by setting ><code>allowed-failures</code> to <code>3</code> or less. ><br><br> >To enable, add or edit <code>allowed-failures</code> to ><code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: ><pre>[org/gnome/login-screen] >allowed-failures=3</pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/login-screen/allowed-failures</pre> >After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the password retry prompts that are permitted on a per-session basis to a low value >requires some software, such as SSH, to re-connect. This can slow down and >draw additional attention to some types of password-guessing attacks.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" id="rule-detail-idm45508566009440"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GDM Guest Loginxccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login highCCE-80105-0 </div><div class="panel-heading"><h3 class="panel-title">Disable GDM Guest Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80105-0">CCE-80105-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010450</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86579r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The GNOME Display Manager (GDM) can allow users to login without credentials >which can be useful for public kiosk scenarios. Allowing users to login without credentials >or "guest" account access has inherent security risks and should be disabled. To do disable >timed logins or guest account access, set the <code>TimedLoginEnable</code> to <code>false</code> in >the <code>[daemon]</code> section in <code>/etc/gdm/custom.conf</code>. For example: ><pre>[daemon] >TimedLoginEnable=false</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Failure to restrict system access to authenticated users negatively impacts operating >system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" id="rule-detail-idm45508565988592"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Logs Sent To Remote Hostxccdf_org.ssgproject.content_rule_rsyslog_remote_loghost unknownCCE-27343-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure Logs Sent To Remote Host</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27343-3">CCE-27343-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-031000</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86833r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.2.1.4</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001348</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000136</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(6)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(8)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(i)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(iii)</a>, <a href="https://www.iso.org/standard/54534.html">A.12.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure rsyslog to send logs to a remote log server, >open <code>/etc/rsyslog.conf</code> and read and understand the last section of the file, >which describes the multiple directives necessary to activate remote >logging. >Along with these other directives, the system can be configured >to forward its logs to a particular log server by >adding or correcting one of the following lines, >substituting <code><i>loghost.example.com</i></code> appropriately. >The choice of protocol depends on the environment of the system; >although TCP and RELP provide more reliable message delivery, >they may not be supported in all environments. ><br> >To use UDP for log message delivery: ><pre>*.* @<i>loghost.example.com</i></pre> ><br> >To use TCP for log message delivery: ><pre>*.* @@<i>loghost.example.com</i></pre> ><br> >To use RELP for log message delivery: ><pre>*.* :omrelp:<i>loghost.example.com</i></pre> ><br> >There must be a resolvable DNS CNAME or Alias record set to "<abbr title="from TestResult: xccdf_org.ssgproject.content_value_rsyslog_remote_loghost_address">logcollector</abbr>" for logs to be sent correctly to the centralized logging utility.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A log server (loghost) receives syslog messages from one or more >systems. This data can be used as an additional log source in the event a >system is compromised and its local logs are suspect. Forwarding log messages >to a remote loghost also provides system administrators with a centralized >place to view the status of multiple hosts within the enterprise.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" id="rule-detail-idm45508565977776"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure cron Is Logging To Rsyslogxccdf_org.ssgproject.content_rule_rsyslog_cron_logging mediumCCE-80380-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure cron Is Logging To Rsyslog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rsyslog_cron_logging</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80380-9">CCE-80380-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-021100</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86675r1_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Cron logging must be implemented to spot intrusions or trace >cron job status. If <code>cron</code> is not logging to <code>rsyslog</code>, it >can be implemented by adding the following to the <i>RULES</i> section of ><code>/etc/rsyslog.conf</code>: ><pre>cron.* /var/log/cron</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Cron logging can be used to trace the successful or unsuccessful execution >of cron jobs. It can also be used to spot intrusions into the use of the cron >facility by unauthorized and malicious users.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" id="rule-detail-idm45508565906384"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Default firewalld Zone for Incoming Packetsxccdf_org.ssgproject.content_rule_set_firewalld_default_zone mediumCCE-27349-0 </div><div class="panel-heading"><h3 class="panel-title">Set Default firewalld Zone for Incoming Packets</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_firewalld_default_zone</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27349-0">CCE-27349-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040810</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86939r2_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.6</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the default zone to <code>drop</code> for >the built-in default zone which processes incoming IPv4 and IPv6 packets, >modify the following line in ><code>/etc/firewalld/firewalld.conf</code> to be: ><pre>DefaultZone=drop</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In <code>firewalld</code> the default zone is applied only after all >the applicable rules in the table are examined for a match. Setting the >default zone to <code>drop</code> implements proper design for a firewall, i.e. >any packets which are not explicitly permitted should not be >accepted.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_service_firewalld_enabled" id="rule-detail-idm45508565897936"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify firewalld Enabledxccdf_org.ssgproject.content_rule_service_firewalld_enabled mediumCCE-27361-5 </div><div class="panel-heading"><h3 class="panel-title">Verify firewalld Enabled</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_firewalld_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27361-5">CCE-27361-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040520</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86897r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p> The <code>firewalld</code> service can be enabled with the following command: <pre>$ sudo systemctl enable firewalld.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Access control methods provide the ability to enhance system security posture >by restricting services and known good IP addresses and address ranges. This >prevents connections from unknown hosts and protocols.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_password" id="rule-detail-idm45508565826848"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Boot Loader Password in grub2xccdf_org.ssgproject.content_rule_grub2_password highCCE-27309-4 </div><div class="panel-heading"><h3 class="panel-title">Set Boot Loader Password in grub2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_password</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27309-4">CCE-27309-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010480</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86585r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The grub2 boot loader should have a superuser account and password >protection enabled to protect boot-time settings. ><br><br> >To do so, select a superuser account name and password and and modify the ><code>/etc/grub.d/01_users</code> configuration file with the new account name. ><br><br> >Since plaintext passwords are a security risk, generate a hash for the pasword >by running the following command: ><pre>$ grub2-setpassword</pre> >When prompted, enter the password that was selected. ><br><br> >NOTE: It is recommended not to use common administrator account names like root, >admin, or administrator for the grub2 superuser account. ><br><br> >Change the superuser to a different username (The default is 'root'). ><pre>$ sed -i s/root/bootuser/g /etc/grub.d/01_users</pre> ><br><br> >To meet FISMA Moderate, the bootloader superuser account and password MUST >differ from the root account and password. >Once the superuser account and password have been added, >update the ><code>grub.cfg</code> file by running: ><pre>grub2-mkconfig -o /boot/grub2/grub.cfg</pre> >NOTE: Do NOT manually add the superuser account and password to the ><code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Password protection on the boot loader configuration ensures >users with physical access cannot trivially alter >important bootloader settings. These include which kernel to use, >and whether to enter single-user mode. For more information on how to configure >the grub2 superuser account and password, please refer to ><ul><li><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html</a></li>. ></ul></p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > To prevent hard-coded passwords, automatic remediation of this control is not available. Remediation >must be automated as a component of machine provisioning, or followed manually as outlined above.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_uefi_password" id="rule-detail-idm45508565807808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the UEFI Boot Loader Passwordxccdf_org.ssgproject.content_rule_grub2_uefi_password mediumCCE-80354-4 </div><div class="panel-heading"><h3 class="panel-title">Set the UEFI Boot Loader Password</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_uefi_password</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80354-4">CCE-80354-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010490</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86587r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The grub2 boot loader should have a superuser account and password >protection enabled to protect boot-time settings. ><br><br> >To do so, select a superuser account name and password and and modify the ><code>/etc/grub.d/01_users</code> configuration file with the new account name. ><br><br> >Since plaintext passwords are a security risk, generate a hash for the pasword >by running the following command: ><pre>$ grub2-setpassword</pre> >When prompted, enter the password that was selected. ><br><br> >NOTE: It is recommended not to use common administrator account names like root, >admin, or administrator for the grub2 superuser account. ><br><br> >Change the superuser to a different username (The default is 'root'). ><pre>$ sed -i s/root/bootuser/g /etc/grub.d/01_users</pre> ><br><br> >To meet FISMA Moderate, the bootloader superuser account and password MUST >differ from the root account and password. >Once the superuser account and password have been added, >update the ><code>grub.cfg</code> file by running: ><pre>grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre> >NOTE: Do NOT manually add the superuser account and password to the ><code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Password protection on the boot loader configuration ensures >users with physical access cannot trivially alter >important bootloader settings. These include which kernel to use, >and whether to enter single-user mode. For more information on how to configure >the grub2 superuser account and password, please refer to ><ul><li><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html</a></li>. ></ul></p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > To prevent hard-coded passwords, automatic remediation of this control is not available. Remediation >must be automated as a component of machine provisioning, or followed manually as outlined above.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_policytype" id="rule-detail-idm45508565256096"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SELinux Policyxccdf_org.ssgproject.content_rule_selinux_policytype highCCE-27279-9 </div><div class="panel-heading"><h3 class="panel-title">Configure SELinux Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_policytype</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27279-9">CCE-27279-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020220</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86615r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002696</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000445-GPOS-00199</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The SELinux <code>targeted</code> policy is appropriate for >general-purpose desktops and servers, as well as systems in many other roles. >To configure the system to use this policy, add or correct the following line >in <code>/etc/selinux/config</code>: ><pre>SELINUXTYPE=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_policy_name">targeted</abbr></pre> >Other policies, such as <code>mls</code>, provide additional security labeling >and greater confinement but are not compatible with many general-purpose >use cases.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the SELinux policy to <code>targeted</code> or a more specialized policy >ensures the system will confine processes that are likely to be >targeted for exploitation, such as network or system services. ><br><br> >Note: During the development or debugging of SELinux modules, it is common to >temporarily place non-production systems in <code>permissive</code> mode. In such >temporary cases, SELinux policies should be developed, and once work >is completed, the system should be reconfigured to ><code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_policy_name">targeted</abbr></code>.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" id="rule-detail-idm45508565249232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure No Daemons are Unconfined by SELinuxxccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons mediumCCE-27288-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure No Daemons are Unconfined by SELinux</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27288-0">CCE-27288-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Daemons for which the SELinux policy does not contain rules will inherit the >context of the parent process. Because daemons are launched during >startup and descend from the <code>init</code> process, they inherit the <code>initrc_t</code> context. ><br> ><br> >To check for unconfined daemons, run the following command: ><pre>$ sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'</pre> >It should produce no output in a well-configured system.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Daemons which run with the <code>initrc_t</code> context may cause AVC denials, >or allow privileges that the daemon does not require.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" id="rule-detail-idm45508565245504"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure No Device Files are Unlabeled by SELinuxxccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled mediumCCE-27326-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure No Device Files are Unlabeled by SELinux</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27326-8">CCE-27326-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020900</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86663r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000022</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000032</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-3(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Device files, which are used for communication with important >system resources, should be labeled with proper SELinux types. If any device >files do not carry the SELinux type <code>device_t</code>, report the bug so >that policy can be corrected. Supply information about what the device is >and what programs use it. ><br><br> >To check for unlabeled device files, run the following command: ><pre>$ sudo find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"</pre> >It should produce no output in a well-configured system.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If a device file carries the SELinux type <code>device_t</code>, then SELinux >cannot properly restrict access to the device file.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-detail-idm45508565239488"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure SELinux State is Enforcingxccdf_org.ssgproject.content_rule_selinux_state highCCE-27334-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure SELinux State is Enforcing</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_state</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27334-2">CCE-27334-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020210</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86613r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002165</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002696</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000445-GPOS-00199</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The SELinux state should be set to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr></code> at >system boot time. In the file <code>/etc/selinux/config</code>, add or correct the >following line to configure the system to boot into enforcing mode: ><pre>SELINUX=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the SELinux state to enforcing ensures SELinux is able to confine >potentially compromised processes to the security policy, which is designed to >prevent them from causing damage to the system or further elevating their >privileges.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" id="rule-detail-idm45508565226256"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Length in login.defsxccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs mediumCCE-27123-9 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length in login.defs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27123-9">CCE-27123-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To specify password length requirements for new accounts, >edit the file <code>/etc/login.defs</code> and add or correct the following >line: ><pre>PASS_MIN_LEN <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs">15</abbr></pre> ><br><br> >The DoD requirement is <code>15</code>. >The FISMA requirement is <code>12</code>. >The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs">15</abbr></code>. >If a program consults <code>/etc/login.defs</code> and also another PAM module >(such as <code>pam_pwquality</code>) during a password change operation, >then the most restrictive must be satisfied. See PAM section >for more information about enforcing password quality requirements.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Requiring a minimum password length makes password >cracking attacks more difficult by ensuring a larger >search space. However, any security benefit from an onerous requirement >must be carefully weighed against usability problems, support costs, or counterproductive >behavior that may result.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-detail-idm45508565186672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Prevent Log In to Accounts With Empty Passwordxccdf_org.ssgproject.content_rule_no_empty_passwords highCCE-27286-4 </div><div class="panel-heading"><h3 class="panel-title">Prevent Log In to Accounts With Empty Password</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010290</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86561r2_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If an account is configured for password authentication >but does not have an assigned password, it may be possible to log >into the account without authentication. Remove any instances of the <code>nullok</code> >option in <code>/etc/pam.d/system-auth</code> to >prevent logins with empty passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If an account has an empty password, anyone could log in and >run commands with the privileges of that account. Accounts with >empty passwords should never be used in operational environments.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-detail-idm45508565131200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Interactive Session Timeoutxccdf_org.ssgproject.content_rule_accounts_tmout mediumCCE-27557-8 </div><div class="panel-heading"><h3 class="panel-title">Set Interactive Session Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_tmout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27557-8">CCE-27557-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040160</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86847r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001133</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000361</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000163-GPOS-00072</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that >all user sessions will terminate based on inactivity. The <code>TMOUT</code> >setting in <code>/etc/profile</code> should read as follows: ><pre>TMOUT=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_tmout">600</abbr></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Terminating an idle session within a short time period reduces >the window of opportunity for unauthorized personnel to take control of a >management session enabled on the console or console port that has been >left unattended.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_screen_installed" id="rule-detail-idm45508565110016"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Install the screen Packagexccdf_org.ssgproject.content_rule_package_screen_installed mediumCCE-27351-6 </div><div class="panel-heading"><h3 class="panel-title">Install the screen Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_screen_installed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27351-6">CCE-27351-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010090</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86521r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To enable console screen locking, install the <code>screen</code> package: ><pre>$ sudo yum install screen</pre> >Instruct users to begin new terminal sessions with the following command: ><pre>$ screen</pre> >The console can now be locked with the following key combination: ><pre>ctrl+a x</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate >physical vicinity of the information system but des not logout because of the temporary nature of the absence. >Rather than relying on the user to manually lock their operation system session prior to vacating the vicinity, >operating systems need to be able to identify when a user's session has idled and take action to initiate the >session lock. ><br><br> >The <code>screen</code> package allows for a session lock to be implemented and configured.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="rule-detail-idm45508565099216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Require Authentication for Single User Modexccdf_org.ssgproject.content_rule_require_singleuser_auth mediumCCE-27287-2 </div><div class="panel-heading"><h3 class="panel-title">Require Authentication for Single User Mode</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_require_singleuser_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27287-2">CCE-27287-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010481</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-92519r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010481</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-92519r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Single-user mode is intended as a system recovery >method, providing a single user root access to the system by >providing a boot option at startup. By default, no authentication >is performed if single-user mode is selected. ><br><br> >By default, single-user mode is protected by requiring a password and is set >in <code>/usr/lib/systemd/system/rescue.service</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>This prevents attackers with physical access from trivially bypassing security >on the machine and gaining root access. Such accesses are further prevented >by configuring the bootloader password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="rule-detail-idm45508565093168"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify that Interactive Boot is Disabledxccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot mediumCCE-27335-9 </div><div class="panel-heading"><h3 class="panel-title">Verify that Interactive Boot is Disabled</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27335-9">CCE-27335-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Red Hat Enterprise Linux systems support an "interactive boot" option that can >be used to prevent services from being started. On a Red Hat Enterprise Linux 7 >system, interactive boot can be enabled by providing a <code>1</code>, ><code>yes</code>, <code>true</code>, or <code>on</code> value to the ><code>systemd.confirm_spawn</code> kernel argument in <code>/etc/default/grub</code>. >Remove any instance of <pre>systemd.confirm_spawn=(1|yes|true|on)</pre> from >the kernel arguments in that file to disable interactive boot.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Using interactive boot, the console user could disable auditing, firewalls, >or other services, weakening system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="rule-detail-idm45508565085360"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable debug-shell SystemD Servicexccdf_org.ssgproject.content_rule_service_debug-shell_disabled mediumCCE-80206-6 </div><div class="panel-heading"><h3 class="panel-title">Disable debug-shell SystemD Service</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SystemD's <code>debug-shell</code> service is intended to >diagnose SystemD related boot issues with various <code>systemctl</code> >commands. Once enabled and following a system reboot, the root shell >will be available on <code>tty9</code> which is access by pressing ><code>CTRL-ALT-F9</code>. The <code>debug-shell</code> service should only be used >for SystemD related issues and should otherwise be disabled. ><br><br> >By default, the <code>debug-shell</code> SystemD service is disabled. > >The <code>debug-shell</code> service can be disabled with the following command: ><pre>$ sudo systemctl disable debug-shell.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>This prevents attackers with physical access from trivially bypassing security >on the machine through valid troubleshooting configurations and gaining root >access when the system is rebooted.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> > <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" id="rule-detail-idm45508565082672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Login Warning Bannerxccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled mediumCCE-26970-4 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Login Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26970-4">CCE-26970-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010030</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86483r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="">OS-SRG-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, displaying a login warning banner >in the GNOME Display Manager's login screen can be enabled on the login >screen by setting <code>banner-message-enable</code> to <code>true</code>. ><br><br> >To enable, add or edit <code>banner-message-enable</code> to ><code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: ><pre>[org/gnome/login-screen] >banner-message-enable=true</pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/login-screen/banner-message-enable</pre> >After the settings have been set, run <code>dconf update</code>. >The banner text must also be set.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Display of a standardized and approved use notification before granting access to the operating system >ensures privacy and security notification verbiage used is consistent with applicable federal laws, >Executive Orders, directives, policies, regulations, standards, and guidance. ><br><br> >For U.S. Government systems, system use notifications are required only for access via login interfaces >with human users and are not required when such human interfaces do not exist.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" id="rule-detail-idm45508565078592"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the GNOME3 Login Warning Banner Textxccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text mediumCCE-26892-0 </div><div class="panel-heading"><h3 class="panel-title">Set the GNOME3 Login Warning Banner Text</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26892-0">CCE-26892-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010040</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86485r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, configuring the login warning banner text >in the GNOME Display Manager's login screen can be configured on the login >screen by setting <code>banner-message-text</code> to <code>string '<i>APPROVED_BANNER</i>'</code> >where <i>APPROVED_BANNER</i> is the approved banner for your environment. ><br><br> >To enable, add or edit <code>banner-message-text</code> to ><code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: ><pre>[org/gnome/login-screen] >banner-message-text='<i>APPROVED_BANNER</i>'</pre> >Once the setting has been added, add a lock to ><code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. >For example: ><pre>/org/gnome/login-screen/banner-message-text</pre> >After the settings have been set, run <code>dconf update</code>. >When entering a warning banner that spans several lines, remember >to begin and end the string with <code>'</code> and use <code>\n</code> for new lines.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>An appropriate warning message reinforces policy awareness during the logon >process and facilitates possible legal action against attackers.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-detail-idm45508565070608"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Modify the System Login Bannerxccdf_org.ssgproject.content_rule_banner_etc_issue mediumCCE-27303-7 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27303-7">CCE-27303-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010050</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86487r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system login banner edit <code>/etc/issue</code>. Replace >the default text with a message compliant with the local site policy >or a legal disclaimer. > >The DoD required text is either: ><br><br> ><code>You are accessing a U.S. Government (USG) Information System (IS) that is >provided for USG-authorized use only. By using this IS (which includes any >device attached to this IS), you consent to the following conditions: ><br>-The USG routinely intercepts and monitors communications on this IS for purposes >including, but not limited to, penetration testing, COMSEC monitoring, network >operations and defense, personnel misconduct (PM), law enforcement (LE), and >counterintelligence (CI) investigations. ><br>-At any time, the USG may inspect and seize data stored on this IS. ><br>-Communications using, or data stored on, this IS are not private, are subject >to routine monitoring, interception, and search, and may be disclosed or used >for any USG-authorized purpose. ><br>-This IS includes security measures (e.g., authentication and access controls) >to protect USG interests -- not for your personal benefit or privacy. ><br>-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative >searching or monitoring of the content of privileged communications, or work >product, related to personal representation or services by attorneys, >psychotherapists, or clergy, and their assistants. Such communications and work >product are private and confidential. See User Agreement for details.</code> ><br><br> >OR: ><br><br> ><code>I've read & consent to terms in IS user agreem't.</code></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Display of a standardized and approved use notification before granting access to the operating system >ensures privacy and security notification verbiage used is consistent with applicable federal laws, >Executive Orders, directives, policies, regulations, standards, and guidance. ><br><br> >System use notifications are required only for access via login interfaces with human users and >are not required when such human interfaces do not exist.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" id="rule-detail-idm45508565058992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure the root Account for Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root mediumCCE-80353-6 </div><div class="panel-heading"><h3 class="panel-title">Configure the root Account for Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80353-6">CCE-80353-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010330</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86569r2_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out the <code>root</code> account after a number of incorrect login >attempts using <code>pam_faillock.so</code>, modify the content of both ><code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: ><br><br> ><ul><li>Modify the following line in the <code>AUTH</code> section to add <code>even_deny_root</code>: ><pre>auth required pam_faillock.so preauth silent <b>even_deny_root</b> deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Modify the following line in the <code>AUTH</code> section to add <code>even_deny_root</code>: ><pre>auth [default=die] pam_faillock.so authfail <b>even_deny_root</b> deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password >guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" id="rule-detail-idm45508565055232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Lockout Time For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time mediumCCE-26884-7 </div><div class="panel-heading"><h3 class="panel-title">Set Lockout Time For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26884-7">CCE-26884-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out accounts after a number of incorrect login >attempts and require an administrator to unlock the account using <code>pam_faillock.so</code>, >modify the content of both <code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: ><br><br> ><ul><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: ><pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Locking out user accounts after a number of incorrect attempts >prevents direct password guessing attacks. Ensuring that an administrator is >involved in unlocking locked accounts draws appropriate attention to such >situations.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" id="rule-detail-idm45508565048304"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Interval For Counting Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval mediumCCE-27297-1 </div><div class="panel-heading"><h3 class="panel-title">Set Interval For Counting Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27297-1">CCE-27297-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive >configures the system to lock out an accounts after a number of incorrect login >attempts within a specified time period. Modify the content of both ><code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: ><br><br> ><ul><li>Add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: ><pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>By limiting the number of failed logon attempts the risk of unauthorized system >access via user password guessing, otherwise known as brute-forcing, is reduced. >Limits are imposed by locking the account.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" id="rule-detail-idm45508565043680"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Deny For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny mediumCCE-27350-8 </div><div class="panel-heading"><h3 class="panel-title">Set Deny For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27350-8">CCE-27350-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.6</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out accounts after a number of incorrect login >attempts using <code>pam_faillock.so</code>, modify the content of both ><code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: ><br><br> ><ul><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: ><pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: ><pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Locking out user accounts after a number of incorrect attempts >prevents direct password guessing attacks.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" id="rule-detail-idm45508565039136"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Lengthxccdf_org.ssgproject.content_rule_accounts_password_pam_minlen mediumCCE-27293-0 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27293-0">CCE-27293-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010280</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86559r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000205</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000078-GPOS-00046</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>minlen</code> parameter controls requirements for >minimum characters required in a password. Add <code>minlen=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_minlen">12</abbr></code> >after pam_pwquality to set minimum password length requirements.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The shorter the password, the lower the number of possible combinations >that need to be tested before the password is compromised. ><br> >Password complexity, or strength, is a measure of the effectiveness of a >password in resisting attempts at guessing and brute-force attacks. >Password length is one factor of several that helps to determine strength >and how long it takes to crack a password. Use of more characters in a password >helps to exponentially increase the time and/or resources required to >compromose the password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" id="rule-detail-idm45508565029904"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Digit Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit mediumCCE-27214-6 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Digit Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27214-6">CCE-27214-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010140</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86531r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000194</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">194</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000071-GPOS-00039</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>dcredit</code> parameter controls requirements for >usage of digits in a password. When set to a negative number, any password will be required to >contain that many digits. When set to a positive number, pam_pwquality will grant +1 additional >length credit for each digit. Modify the <code>dcredit</code> setting in ><code>/etc/security/pwquality.conf</code> to require the use of a digit in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required >to compromise the password. Password complexity, or strength, is a measure of >the effectiveness of a password in resisting attempts at guessing and brute-force >attacks. ><br><br> >Password complexity is one factor of several that determines how long it takes >to crack a password. The more complex the password, the greater the number of >possble combinations that need to be tested before the password is compromised. >Requiring digits makes password guessing attacks more difficult by ensuring a larger >search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" id="rule-detail-idm45508565020624"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Special Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit mediumCCE-27360-7 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Special Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27360-7">CCE-27360-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010150</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86533r1_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001619</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000266-GPOS-00101</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>ocredit=</code> parameter controls requirements for >usage of special (or "other") characters in a password. When set to a negative number, any password will be >required to contain that many special characters. When set to a positive number, pam_pwquality will grant +1 >additional length credit for each special character. Modify the <code>ocredit</code> setting in ><code>/etc/security/pwquality.conf</code> to equal <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr> to require use of a special character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required >to compromise the password. Password complexity, or strength, is a measure of >the effectiveness of a password in resisting attempts at guessing and brute-force >attacks. ><br><br> >Password complexity is one factor of several that determines how long it takes >to crack a password. The more complex the password, the greater the number of >possble combinations that need to be tested before the password is compromised. >Requiring a minimum number of special characters makes password guessing attacks >more difficult by ensuring a larger search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" id="rule-detail-idm45508565016064"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Lowercase Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit mediumCCE-27345-8 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Lowercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27345-8">CCE-27345-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010130</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86529r4_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000193</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000070-GPOS-00038</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>lcredit</code> parameter controls requirements for >usage of lowercase letters in a password. When set to a negative number, any password will be required to >contain that many lowercase characters. When set to a positive number, pam_pwquality will grant +1 additional >length credit for each lowercase character. Modify the <code>lcredit</code> setting in ><code>/etc/security/pwquality.conf</code> to require the use of a lowercase character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required >to compromise the password. Password complexity, or strength, is a measure of >the effectiveness of a password in resisting attempts at guessing and brute-force >attacks. ><br><br> >Password complexity is one factor of several that determines how long it takes >to crack a password. The more complex the password, the greater the number of >possble combinations that need to be tested before the password is compromised. >Requiring a minimum number of lowercase characters makes password guessing attacks >more difficult by ensuring a larger search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" id="rule-detail-idm45508565011552"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Uppercase Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit mediumCCE-27200-5 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Uppercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27200-5">CCE-27200-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010120</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86527r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000192</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000069-GPOS-00037</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>ucredit=</code> parameter controls requirements for >usage of uppercase letters in a password. When set to a negative number, any password will be required to >contain that many uppercase characters. When set to a positive number, pam_pwquality will grant +1 additional >length credit for each uppercase character. Modify the <code>ucredit</code> setting in ><code>/etc/security/pwquality.conf</code> to require the use of an uppercase character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources reuiqred to compromise the password. >Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts >at guessing and brute-force attacks. ><br><br> >Password complexity is one factor of several that determines how long it takes to crack a password. The more >complex the password, the greater the number of possible combinations that need to be tested before >the password is compromised.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" id="rule-detail-idm45508565007040"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Retry Prompts Permitted Per-Sessionxccdf_org.ssgproject.content_rule_accounts_password_pam_retry unknownCCE-27160-1 </div><div class="panel-heading"><h3 class="panel-title">Set Password Retry Prompts Permitted Per-Session</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_retry</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27160-1">CCE-27160-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010119</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87811r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00225</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the number of retry prompts that are permitted per-session: ><br><br> >Edit the <code>pam_pwquality.so</code> statement in <code>/etc/pam.d/system-auth</code> to >show <code>retry=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_retry">3</abbr></code>, or a lower value if site policy is more restrictive. ><br><br> >The DoD requirement is a maximum of 3 prompts per session.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the password retry prompts that are permitted on a per-session basis to a low value >requires some software, such as SSH, to re-connect. This can slow down and >draw additional attention to some types of password-guessing attacks. Note that this >is different from account lockout, which is provided by the pam_faillock module.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-detail-idm45508564982000"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Encrypt Audit Records Sent With audispd Pluginxccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records mediumCCE-80540-8 </div><div class="panel-heading"><h3 class="panel-title">Encrypt Audit Records Sent With audispd Plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80540-8">CCE-80540-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000342-GPOS-00133</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030310</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86709r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Configure the operating system to encrypt the transfer of off-loaded audit >records onto a different system or media from the system being audited. >Uncomment the <code>enable_krb5</code> option in <pre>/etc/audisp/audisp-remote.conf</pre>, >and set it with the following line: ><pre>enable_krb5 = yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Information stored in one location is vulnerable to accidental or incidental deletion >or alteration. Off-loading is a common process in information systems with limited >audit storage capacity.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> > <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" id="rule-detail-idm45508564979312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure audispd Plugin To Send Logs To Remote Serverxccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server mediumCCE-80541-6 </div><div class="panel-heading"><h3 class="panel-title">Configure audispd Plugin To Send Logs To Remote Server</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80541-6">CCE-80541-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000342-GPOS-00133</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030300</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86707r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Configure the audispd plugin to off-load audit records onto a different >system or media from the system being audited. >Set the <code>remote_server</code> option in <pre>/etc/audisp/audisp-remote.conf</pre> >with an IP address or hostname of the system that the audispd plugin should >send audit records to. For example replacing <i>REMOTE_SYSTEM</i> with an IP >address or hostname: ><pre>remote_server = <i>REMOTE_SYSTEM</i></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Information stored in one location is vulnerable to accidental or incidental >deletion or alteration.Off-loading is a common process in information systems >with limited audit storage capacity.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> > <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" id="rule-detail-idm45508564976176"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd to use audispd's syslog pluginxccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated mediumCCE-27341-7 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd to use audispd's syslog plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27341-7">CCE-27341-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000136</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(6)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(8)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(i)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the <code>auditd</code> service to use the ><code>syslog</code> plug-in of the <code>audispd</code> audit event multiplexor, set >the <code>active</code> line in <code>/etc/audisp/plugins.d/syslog.conf</code> to ><code>yes</code>. Restart the <code>auditd</code> service: ><pre>$ sudo service auditd restart</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The auditd service does not include the ability to send audit >records to a centralized server for management directly. It does, however, >include a plug-in for audit event multiplexor (audispd) to pass audit records >to the local syslog server</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" id="rule-detail-idm45508564947200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Unloading - rmmodxccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod mediumCCE-80416-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - rmmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80416-1">CCE-80416-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030850</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86817r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of rmmod, utility used to remove modules from kernel, >add the following line: ><pre>-w /usr/sbin/rmmod -p x -k modules</pre> >Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured >to use the <code>augenrules</code> program (the default), add the line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. > >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, >add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The removal of kernel modules can be used to alter the behavior of >the kernel and potentially introduce malicious code into kernel space. It is important >to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" id="rule-detail-idm45508564941120"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe mediumCCE-80417-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobe</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80417-9">CCE-80417-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030860</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86819r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of modprobe, utility used to insert / remove modules from kernel, >add the following line: ><pre>-w /usr/sbin/modprobe -p x -k modules</pre> >Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured >to use the <code>augenrules</code> program (the default), add the line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. > >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, >add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition/removal of kernel modules can be used to alter the behavior of >the kernel and potentially introduce malicious code into kernel space. It is important >to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-detail-idm45508564937360"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Unloading - delete_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete mediumCCE-80415-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030830</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86813r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture kernel module unloading events, use following line, setting ARCH to >either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit: ><pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre> > >Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured >to use the <code>augenrules</code> program (the default), add the line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. > >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, >add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The removal of kernel modules can be used to alter the behavior of >the kernel and potentially introduce malicious code into kernel space. It is important >to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" id="rule-detail-idm45508564931312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading - insmodxccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod mediumCCE-80446-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - insmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80446-8">CCE-80446-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030840</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86815r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of insmod, utility used to insert modules into kernel, >use the following line: ><pre>-w /usr/sbin/insmod -p x -k modules</pre> >Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured >to use the <code>augenrules</code> program (the default), add the line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. > >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, >add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition of kernel modules can be used to alter the behavior of >the kernel and potentially introduce malicious code into kernel space. It is important >to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-detail-idm45508564925808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading - init_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init mediumCCE-80414-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - init_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80414-6">CCE-80414-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030820</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86811r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture kernel module loading events, use following line, setting ARCH to >either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit: ><pre>-a always,exit -F arch=<i>ARCH</i> -S init_module -F key=modules</pre> > >Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured >to use the <code>augenrules</code> program (the default), add the line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. > >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, >add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition of kernel modules can be used to alter the behavior of >the kernel and potentially introduce malicious code into kernel space. It is important >to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-detail-idm45508564919776"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - lastlogxccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog mediumCCE-80384-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - lastlog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80384-1">CCE-80384-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030620</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86771r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users >and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual >edits of files involved in storing logon events: ><pre>-w /var/log/lastlog -p wa -k logins</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual >edits of files involved in storing logon events: ><pre>-w /var/log/lastlog -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such >as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-detail-idm45508564916048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - faillockxccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock mediumCCE-80383-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - faillock</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80383-3">CCE-80383-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030610</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86769r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users >and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual >edits of files involved in storing logon events: ><pre>-w /var/run/faillock/ -p wa -k logins</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual >edits of files involved in storing logon events: ><pre>-w /var/run/faillock/ -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such >as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-detail-idm45508564912368"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - tallylogxccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog mediumCCE-80382-5 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - tallylog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80382-5">CCE-80382-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030600</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86767r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users >and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual >edits of files involved in storing logon events: ><pre>-w /var/log/tallylog -p wa -k logins</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual >edits of files involved in storing logon events: ><pre>-w /var/log/tallylog -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such >as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-detail-idm45508564896816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown unknownCCE-27356-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27356-5">CCE-27356-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030380</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86723r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-detail-idm45508564893088"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - setxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr unknownCCE-27213-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27213-8">CCE-27213-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86735r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-detail-idm45508564889408"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr unknownCCE-27389-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27389-6">CCE-27389-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030450</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86737r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-detail-idm45508564885712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown unknownCCE-27364-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27364-9">CCE-27364-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030370</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86721r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured to >use the <code>augenrules</code> program to read audit rules during daemon startup >(the default), add the following line to a file with suffix <code>.rules</code> in >the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-detail-idm45508564882032"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat unknownCCE-27387-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27387-0">CCE-27387-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030400</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86727r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-detail-idm45508564878352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown unknownCCE-27083-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27083-5">CCE-27083-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030390</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86725r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-detail-idm45508564874672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod unknownCCE-27339-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27339-1">CCE-27339-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030410</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86729r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured to >use the <code>augenrules</code> program to read audit rules during daemon startup >(the default), add the following line to a file with suffix <code>.rules</code> in >the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-detail-idm45508564870992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - removexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr mediumCCE-27367-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27367-2">CCE-27367-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030470</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86741r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-detail-idm45508564867296"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr mediumCCE-27353-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27353-2">CCE-27353-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030480</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86743r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. ><br><br> >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-detail-idm45508564863584"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr unknownCCE-27280-7 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27280-7">CCE-27280-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030460</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86739r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-detail-idm45508564859888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod unknownCCE-27393-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27393-8">CCE-27393-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030420</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86731r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured to >use the <code>augenrules</code> program to read audit rules during daemon startup >(the default), add the following line to a file with suffix <code>.rules</code> in >the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-detail-idm45508564856208"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr mediumCCE-27410-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27410-0">CCE-27410-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030490</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86745r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. ><br><br> >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following line to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> ><br><br> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-detail-idm45508564852496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat unknownCCE-27388-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27388-8">CCE-27388-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030430</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86733r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission >changes for all users and root. If the <code>auditd</code> daemon is configured to >use the <code>augenrules</code> program to read audit rules during daemon startup >(the default), add the following line to a file with suffix <code>.rules</code> in >the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> >If the system is 64 bit then also add the following line: ><pre>-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to >gain access to information that would otherwise be disallowed. Auditing DAC modifications >can facilitate the identification of patterns of abuse among both authorized and >unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" id="rule-detail-idm45508564848816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run seunsharexccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare medium</div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run seunshare</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt >of the <code>seunshare</code> command for all users and root. If the <code>auditd</code> >daemon is configured to use the <code>augenrules</code> program to read audit rules >during daemon startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged-priv_change</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" id="rule-detail-idm45508564844032"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run setseboolxccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool mediumCCE-80392-4 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run setsebool</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80392-4">CCE-80392-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030570</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86761r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt >of the <code>setsebool</code> command for all users and root. If the <code>auditd</code> >daemon is configured to use the <code>augenrules</code> program to read audit rules >during daemon startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" id="rule-detail-idm45508564840352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run semanagexccdf_org.ssgproject.content_rule_audit_rules_execution_semanage mediumCCE-80391-6 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run semanage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80391-6">CCE-80391-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030560</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86759r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt >of the <code>semanage</code> command for all users and root. If the <code>auditd</code> >daemon is configured to use the <code>augenrules</code> program to read audit rules >during daemon startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-detail-idm45508564836672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run chconxccdf_org.ssgproject.content_rule_audit_rules_execution_chcon mediumCCE-80393-2 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chcon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80393-2">CCE-80393-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030580</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86763r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt >of the <code>chcon</code> command for all users and root. If the <code>auditd</code> >daemon is configured to use the <code>augenrules</code> program to read audit rules >during daemon startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" id="rule-detail-idm45508564832992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run restoreconxccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon mediumCCE-80394-0 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run restorecon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80394-0">CCE-80394-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt >of the <code>restorecon</code> command for all users and root. If the <code>auditd</code> >daemon is configured to use the <code>augenrules</code> program to read audit rules >during daemon startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" id="rule-detail-idm45508564829312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - rmdirxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir mediumCCE-80412-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rmdir</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80412-0">CCE-80412-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030900</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86827r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed >from the system. The audit trail could aid in system troubleshooting, as well as, detecting >malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-detail-idm45508564825616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030920</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86831r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed >from the system. The audit trail could aid in system troubleshooting, as well as, detecting >malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-detail-idm45508564819568"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renamexccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030880</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86823r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed >from the system. The audit trail could aid in system troubleshooting, as well as, detecting >malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-detail-idm45508564815824"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renameatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat mediumCCE-80413-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80413-8">CCE-80413-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030890</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86825r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed >from the system. The audit trail could aid in system troubleshooting, as well as, detecting >malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-detail-idm45508564812112"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030910</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86829r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as >appropriate for your system: ><pre>-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed >from the system. The audit trail could aid in system troubleshooting, as well as, detecting >malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-detail-idm45508564808416"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - passwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd mediumCCE-80395-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80395-7">CCE-80395-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030630</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86773r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-detail-idm45508564804720"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo mediumCCE-80401-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80401-3">CCE-80401-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030690</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86785r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>   <a data-toggle="collapse" data-target="#idm45508570712208">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570712208"><pre><code> > >PATTERN="-a always,exit -F path=/usr/bin/sudo\\s*.*" >GROUP="privileged" >FULL_RULE="-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged" ># Perform the remediation for both possible tools: 'auditctl' and 'augenrules' ><abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_fix_audit_syscall_rule"># Function to fix syscall audit rule for given system call. It is ># based on example audit syscall rule definitions as outlined in ># /usr/share/doc/audit-2.3.7/stig.rules file provided with the audit ># package. It will combine multiple system calls belonging to the same ># syscall group into one audit rule (rather than to create audit rule per ># different system call) to avoid audit infrastructure performance penalty ># in the case of 'one-audit-rule-definition-per-one-system-call'. See: ># ># https://www.redhat.com/archives/linux-audit/2014-November/msg00009.html ># ># for further details. ># ># Expects five arguments (each of them is required) in the form of: ># * audit tool tool used to load audit rules, ># either 'auditctl', or 'augenrules ># * audit rules' pattern audit rule skeleton for same syscall ># * syscall group greatest common string this rule shares ># with other rules from the same group ># * architecture architecture this rule is intended for ># * full form of new rule to add expected full form of audit rule as to be ># added into audit.rules file ># ># Note: The 2-th up to 4-th arguments are used to determine how many existing ># audit rules will be inspected for resemblance with the new audit rule ># (5-th argument) the function is going to add. The rule's similarity check ># is performed to optimize audit.rules definition (merge syscalls of the same ># group into one rule) to avoid the "single-syscall-per-audit-rule" performance ># penalty. ># ># Example call: ># ># See e.g. 'audit_rules_file_deletion_events.sh' remediation script ># >function fix_audit_syscall_rule { > ># Load function arguments into local variables >local tool="$1" >local pattern="$2" >local group="$3" >local arch="$4" >local full_rule="$5" > ># Check sanity of the input >if [ $# -ne "5" ] >then > echo "Usage: fix_audit_syscall_rule 'tool' 'pattern' 'group' 'arch' 'full rule'" > echo "Aborting." > exit 1 >fi > ># Create a list of audit *.rules files that should be inspected for presence and correctness ># of a particular audit rule. The scheme is as follows: ># ># ----------------------------------------------------------------------------------------- ># Tool used to load audit rules | Rule already defined | Audit rules file to inspect | ># ----------------------------------------------------------------------------------------- ># auditctl | Doesn't matter | /etc/audit/audit.rules | ># ----------------------------------------------------------------------------------------- ># augenrules | Yes | /etc/audit/rules.d/*.rules | ># augenrules | No | /etc/audit/rules.d/$key.rules | ># ----------------------------------------------------------------------------------------- ># >declare -a files_to_inspect > >retval=0 > ># First check sanity of the specified audit tool >if [ "$tool" != 'auditctl' ] && [ "$tool" != 'augenrules' ] >then > echo "Unknown audit rules loading tool: $1. Aborting." > echo "Use either 'auditctl' or 'augenrules'!" > return 1 ># If audit tool is 'auditctl', then add '/etc/audit/audit.rules' ># file to the list of files to be inspected >elif [ "$tool" == 'auditctl' ] >then > files_to_inspect=("${files_to_inspect[@]}" '/etc/audit/audit.rules' ) ># If audit tool is 'augenrules', then check if the audit rule is defined ># If rule is defined, add '/etc/audit/rules.d/*.rules' to the list for inspection ># If rule isn't defined yet, add '/etc/audit/rules.d/$key.rules' to the list for inspection >elif [ "$tool" == 'augenrules' ] >then > # Extract audit $key from audit rule so we can use it later > key=$(expr "$full_rule" : '.*-k[[:space:]]\([^[:space:]]\+\)' '|' "$full_rule" : '.*-F[[:space:]]key=\([^[:space:]]\+\)') > # Check if particular audit rule is already defined > IFS=$'\n' matches=($(sed -s -n -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d;F" /etc/audit/rules.d/*.rules)) > if [ $? -ne 0 ] > then > retval=1 > fi > # Reset IFS back to default > unset IFS > for match in "${matches[@]}" > do > files_to_inspect=("${files_to_inspect[@]}" "${match}") > done > # Case when particular rule isn't defined in /etc/audit/rules.d/*.rules yet > if [ ${#files_to_inspect[@]} -eq "0" ] > then > files_to_inspect="/etc/audit/rules.d/$key.rules" > if [ ! -e "$files_to_inspect" ] > then > touch "$files_to_inspect" > chmod 0640 "$files_to_inspect" > fi > fi >fi > ># ># Indicator that we want to append $full_rule into $audit_file by default >local append_expected_rule=0 > >for audit_file in "${files_to_inspect[@]}" >do > > # Filter existing $audit_file rules' definitions to select those that: > # * follow the rule pattern, and > # * meet the hardware architecture requirement, and > # * are current syscall group specific > IFS=$'\n' existing_rules=($(sed -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d" "$audit_file")) > if [ $? -ne 0 ] > then > retval=1 > fi > # Reset IFS back to default > unset IFS > > # Process rules found case-by-case > for rule in "${existing_rules[@]}" > do > # Found rule is for same arch & key, but differs (e.g. in count of -S arguments) > if [ "${rule}" != "${full_rule}" ] > then > # If so, isolate just '(-S \w)+' substring of that rule > rule_syscalls=$(echo $rule | grep -o -P '(-S \w+ )+') > # Check if list of '-S syscall' arguments of that rule is subset > # of '-S syscall' list of expected $full_rule > if grep -q -- "$rule_syscalls" <<< "$full_rule" > then > # Rule is covered (i.e. the list of -S syscalls for this rule is > # subset of -S syscalls of $full_rule => existing rule can be deleted > # Thus delete the rule from audit.rules & our array > sed -i -e "\;${rule};d" "$audit_file" > if [ $? -ne 0 ] > then > retval=1 > fi > existing_rules=("${existing_rules[@]//$rule/}") > else > # Rule isn't covered by $full_rule - it besides -S syscall arguments > # for this group contains also -S syscall arguments for other syscall > # group. Example: '-S lchown -S fchmod -S fchownat' => group='chown' > # since 'lchown' & 'fchownat' share 'chown' substring > # Therefore: > # * 1) delete the original rule from audit.rules > # (original '-S lchown -S fchmod -S fchownat' rule would be deleted) > # * 2) delete the -S syscall arguments for this syscall group, but > # keep those not belonging to this syscall group > # (original '-S lchown -S fchmod -S fchownat' would become '-S fchmod' > # * 3) append the modified (filtered) rule again into audit.rules > # if the same rule not already present > # > # 1) Delete the original rule > sed -i -e "\;${rule};d" "$audit_file" > if [ $? -ne 0 ] > then > retval=1 > fi > # 2) Delete syscalls for this group, but keep those from other groups > # Convert current rule syscall's string into array splitting by '-S' delimiter > IFS=$'-S' read -a rule_syscalls_as_array <<< "$rule_syscalls" > # Reset IFS back to default > unset IFS > # Declare new empty string to hold '-S syscall' arguments from other groups > new_syscalls_for_rule='' > # Walk through existing '-S syscall' arguments > for syscall_arg in "${rule_syscalls_as_array[@]}" > do > # Skip empty $syscall_arg values > if [ "$syscall_arg" == '' ] > then > continue > fi > # If the '-S syscall' doesn't belong to current group add it to the new list > # (together with adding '-S' delimiter back for each of such item found) > if grep -q -v -- "$group" <<< "$syscall_arg" > then > new_syscalls_for_rule="$new_syscalls_for_rule -S $syscall_arg" > fi > done > # Replace original '-S syscall' list with the new one for this rule > updated_rule=${rule//$rule_syscalls/$new_syscalls_for_rule} > # Squeeze repeated whitespace characters in rule definition (if any) into one > updated_rule=$(echo "$updated_rule" | tr -s '[:space:]') > # 3) Append the modified / filtered rule again into audit.rules > # (but only in case it's not present yet to prevent duplicate definitions) > if ! grep -q -- "$updated_rule" "$audit_file" > then > echo "$updated_rule" >> "$audit_file" > fi > fi > else > # $audit_file already contains the expected rule form for this > # architecture & key => don't insert it second time > append_expected_rule=1 > fi > done > > # We deleted all rules that were subset of the expected one for this arch & key. > # Also isolated rules containing system calls not from this system calls group. > # Now append the expected rule if it's not present in $audit_file yet > if [[ ${append_expected_rule} -eq "0" ]] > then > echo "$full_rule" >> "$audit_file" > fi >done > >return $retval > >} ></abbr> >fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" >fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" ></code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>   <a data-toggle="collapse" data-target="#idm45508570700400">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570700400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code> ># Inserts/replaces the rule in /etc/audit/rules.d > >- name: Search /etc/audit/rules.d for audit rule entries > find: > paths: "/etc/audit/rules.d" > recurse: no > contains: "^.*path=/usr/bin/sudo.*$" > patterns: "*.rules" > register: find_sudo > >- name: Use /etc/audit/rules.d/privileged.rules as the recipient for the rule > set_fact: > all_files: > - /etc/audit/rules.d/privileged.rules > when: find_sudo.matched == 0 > >- name: Use matched file as the recipient for the rule > set_fact: > all_files: > - "{{ find_sudo.files | map(attribute='path') | list | first }}" > when: find_sudo.matched > 0 > >- name: Inserts/replaces the sudo rule in rules.d > lineinfile: > path: "{{ all_files[0] }}" > line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' > create: yes > tags: > - audit_rules_privileged_commands_sudo > - medium_severity > - restrict_strategy > - low_complexity > - low_disruption > - CCE-80401-3 > - NIST-800-53-AU-3(1) > - NIST-800-53-AU-12(c) > - NIST-800-171-3.1.7 > - DISA-STIG-RHEL-07-030690 > ># Inserts/replaces the sudo rule in /etc/audit/audit.rules > >- name: Inserts/replaces the sudo rule in audit.rules > lineinfile: > path: /etc/audit/audit.rules > line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' > create: yes > tags: > - audit_rules_privileged_commands_sudo > - medium_severity > - restrict_strategy > - low_complexity > - low_disruption > - CCE-80401-3 > - NIST-800-53-AU-3(1) > - NIST-800-53-AU-12(c) > - NIST-800-171-3.1.7 > - DISA-STIG-RHEL-07-030690 ></code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" id="rule-detail-idm45508564801040"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - usernetctlxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-detail-idm45508564795616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chshxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh mediumCCE-80404-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80404-7">CCE-80404-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030720</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86791r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" id="rule-detail-idm45508564791888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newgidmapxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-detail-idm45508564786464"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chagexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage mediumCCE-80398-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80398-1">CCE-80398-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030660</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86779r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" id="rule-detail-idm45508564782736"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - userhelperxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper mediumCCE-80399-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - userhelper</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80399-9">CCE-80399-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030670</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86781r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" id="rule-detail-idm45508564779024"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - atxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-detail-idm45508564773632"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - crontabxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab mediumCCE-80410-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80410-4">CCE-80410-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030800</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86807r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" id="rule-detail-idm45508564769888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - umountxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount mediumCCE-80405-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - umount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80405-4">CCE-80405-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030750</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86797r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-detail-idm45508564766192"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd mediumCCE-80396-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80396-5">CCE-80396-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030640</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86775r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" id="rule-detail-idm45508564762480"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - pt_chownxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown mediumCCE-80409-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80409-6">CCE-80409-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/libexec/pt_chown -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/libexec/pt_chown -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-detail-idm45508564758784"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysignxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign mediumCCE-80408-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80408-8">CCE-80408-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030780</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86803r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/libexec/openssh/key-sign -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-detail-idm45508564755072"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoeditxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit mediumCCE-80402-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80402-1">CCE-80402-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030730</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86793r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>   <a data-toggle="collapse" data-target="#idm45508570251472">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570251472"><pre><code> > >PATTERN="-a always,exit -F path=/usr/bin/sudoedit\\s*.*" >GROUP="privileged" >FULL_RULE="-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged" ># Perform the remediation for both possible tools: 'auditctl' and 'augenrules' ><abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_fix_audit_syscall_rule"># Function to fix syscall audit rule for given system call. It is ># based on example audit syscall rule definitions as outlined in ># /usr/share/doc/audit-2.3.7/stig.rules file provided with the audit ># package. It will combine multiple system calls belonging to the same ># syscall group into one audit rule (rather than to create audit rule per ># different system call) to avoid audit infrastructure performance penalty ># in the case of 'one-audit-rule-definition-per-one-system-call'. See: ># ># https://www.redhat.com/archives/linux-audit/2014-November/msg00009.html ># ># for further details. ># ># Expects five arguments (each of them is required) in the form of: ># * audit tool tool used to load audit rules, ># either 'auditctl', or 'augenrules ># * audit rules' pattern audit rule skeleton for same syscall ># * syscall group greatest common string this rule shares ># with other rules from the same group ># * architecture architecture this rule is intended for ># * full form of new rule to add expected full form of audit rule as to be ># added into audit.rules file ># ># Note: The 2-th up to 4-th arguments are used to determine how many existing ># audit rules will be inspected for resemblance with the new audit rule ># (5-th argument) the function is going to add. The rule's similarity check ># is performed to optimize audit.rules definition (merge syscalls of the same ># group into one rule) to avoid the "single-syscall-per-audit-rule" performance ># penalty. ># ># Example call: ># ># See e.g. 'audit_rules_file_deletion_events.sh' remediation script ># >function fix_audit_syscall_rule { > ># Load function arguments into local variables >local tool="$1" >local pattern="$2" >local group="$3" >local arch="$4" >local full_rule="$5" > ># Check sanity of the input >if [ $# -ne "5" ] >then > echo "Usage: fix_audit_syscall_rule 'tool' 'pattern' 'group' 'arch' 'full rule'" > echo "Aborting." > exit 1 >fi > ># Create a list of audit *.rules files that should be inspected for presence and correctness ># of a particular audit rule. The scheme is as follows: ># ># ----------------------------------------------------------------------------------------- ># Tool used to load audit rules | Rule already defined | Audit rules file to inspect | ># ----------------------------------------------------------------------------------------- ># auditctl | Doesn't matter | /etc/audit/audit.rules | ># ----------------------------------------------------------------------------------------- ># augenrules | Yes | /etc/audit/rules.d/*.rules | ># augenrules | No | /etc/audit/rules.d/$key.rules | ># ----------------------------------------------------------------------------------------- ># >declare -a files_to_inspect > >retval=0 > ># First check sanity of the specified audit tool >if [ "$tool" != 'auditctl' ] && [ "$tool" != 'augenrules' ] >then > echo "Unknown audit rules loading tool: $1. Aborting." > echo "Use either 'auditctl' or 'augenrules'!" > return 1 ># If audit tool is 'auditctl', then add '/etc/audit/audit.rules' ># file to the list of files to be inspected >elif [ "$tool" == 'auditctl' ] >then > files_to_inspect=("${files_to_inspect[@]}" '/etc/audit/audit.rules' ) ># If audit tool is 'augenrules', then check if the audit rule is defined ># If rule is defined, add '/etc/audit/rules.d/*.rules' to the list for inspection ># If rule isn't defined yet, add '/etc/audit/rules.d/$key.rules' to the list for inspection >elif [ "$tool" == 'augenrules' ] >then > # Extract audit $key from audit rule so we can use it later > key=$(expr "$full_rule" : '.*-k[[:space:]]\([^[:space:]]\+\)' '|' "$full_rule" : '.*-F[[:space:]]key=\([^[:space:]]\+\)') > # Check if particular audit rule is already defined > IFS=$'\n' matches=($(sed -s -n -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d;F" /etc/audit/rules.d/*.rules)) > if [ $? -ne 0 ] > then > retval=1 > fi > # Reset IFS back to default > unset IFS > for match in "${matches[@]}" > do > files_to_inspect=("${files_to_inspect[@]}" "${match}") > done > # Case when particular rule isn't defined in /etc/audit/rules.d/*.rules yet > if [ ${#files_to_inspect[@]} -eq "0" ] > then > files_to_inspect="/etc/audit/rules.d/$key.rules" > if [ ! -e "$files_to_inspect" ] > then > touch "$files_to_inspect" > chmod 0640 "$files_to_inspect" > fi > fi >fi > ># ># Indicator that we want to append $full_rule into $audit_file by default >local append_expected_rule=0 > >for audit_file in "${files_to_inspect[@]}" >do > > # Filter existing $audit_file rules' definitions to select those that: > # * follow the rule pattern, and > # * meet the hardware architecture requirement, and > # * are current syscall group specific > IFS=$'\n' existing_rules=($(sed -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d" "$audit_file")) > if [ $? -ne 0 ] > then > retval=1 > fi > # Reset IFS back to default > unset IFS > > # Process rules found case-by-case > for rule in "${existing_rules[@]}" > do > # Found rule is for same arch & key, but differs (e.g. in count of -S arguments) > if [ "${rule}" != "${full_rule}" ] > then > # If so, isolate just '(-S \w)+' substring of that rule > rule_syscalls=$(echo $rule | grep -o -P '(-S \w+ )+') > # Check if list of '-S syscall' arguments of that rule is subset > # of '-S syscall' list of expected $full_rule > if grep -q -- "$rule_syscalls" <<< "$full_rule" > then > # Rule is covered (i.e. the list of -S syscalls for this rule is > # subset of -S syscalls of $full_rule => existing rule can be deleted > # Thus delete the rule from audit.rules & our array > sed -i -e "\;${rule};d" "$audit_file" > if [ $? -ne 0 ] > then > retval=1 > fi > existing_rules=("${existing_rules[@]//$rule/}") > else > # Rule isn't covered by $full_rule - it besides -S syscall arguments > # for this group contains also -S syscall arguments for other syscall > # group. Example: '-S lchown -S fchmod -S fchownat' => group='chown' > # since 'lchown' & 'fchownat' share 'chown' substring > # Therefore: > # * 1) delete the original rule from audit.rules > # (original '-S lchown -S fchmod -S fchownat' rule would be deleted) > # * 2) delete the -S syscall arguments for this syscall group, but > # keep those not belonging to this syscall group > # (original '-S lchown -S fchmod -S fchownat' would become '-S fchmod' > # * 3) append the modified (filtered) rule again into audit.rules > # if the same rule not already present > # > # 1) Delete the original rule > sed -i -e "\;${rule};d" "$audit_file" > if [ $? -ne 0 ] > then > retval=1 > fi > # 2) Delete syscalls for this group, but keep those from other groups > # Convert current rule syscall's string into array splitting by '-S' delimiter > IFS=$'-S' read -a rule_syscalls_as_array <<< "$rule_syscalls" > # Reset IFS back to default > unset IFS > # Declare new empty string to hold '-S syscall' arguments from other groups > new_syscalls_for_rule='' > # Walk through existing '-S syscall' arguments > for syscall_arg in "${rule_syscalls_as_array[@]}" > do > # Skip empty $syscall_arg values > if [ "$syscall_arg" == '' ] > then > continue > fi > # If the '-S syscall' doesn't belong to current group add it to the new list > # (together with adding '-S' delimiter back for each of such item found) > if grep -q -v -- "$group" <<< "$syscall_arg" > then > new_syscalls_for_rule="$new_syscalls_for_rule -S $syscall_arg" > fi > done > # Replace original '-S syscall' list with the new one for this rule > updated_rule=${rule//$rule_syscalls/$new_syscalls_for_rule} > # Squeeze repeated whitespace characters in rule definition (if any) into one > updated_rule=$(echo "$updated_rule" | tr -s '[:space:]') > # 3) Append the modified / filtered rule again into audit.rules > # (but only in case it's not present yet to prevent duplicate definitions) > if ! grep -q -- "$updated_rule" "$audit_file" > then > echo "$updated_rule" >> "$audit_file" > fi > fi > else > # $audit_file already contains the expected rule form for this > # architecture & key => don't insert it second time > append_expected_rule=1 > fi > done > > # We deleted all rules that were subset of the expected one for this arch & key. > # Also isolated rules containing system calls not from this system calls group. > # Now append the expected rule if it's not present in $audit_file yet > if [[ ${append_expected_rule} -eq "0" ]] > then > echo "$full_rule" >> "$audit_file" > fi >done > >return $retval > >} ></abbr> >fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" >fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" ></code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>Â Â Â <a data-toggle="collapse" data-target="#idm45508570249248">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570249248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code> ># Inserts/replaces the rule in /etc/audit/rules.d > >- name: Search /etc/audit/rules.d for audit rule entries > find: > paths: "/etc/audit/rules.d" > recurse: no > contains: "^.*path=/usr/bin/sudoedit.*$" > patterns: "*.rules" > register: find_sudoedit > >- name: Use /etc/audit/rules.d/privileged.rules as the recipient for the rule > set_fact: > all_files: > - /etc/audit/rules.d/privileged.rules > when: find_sudoedit.matched == 0 > >- name: Use matched file as the recipient for the rule > set_fact: > all_files: > - "{{ find_sudoedit.files | map(attribute='path') | list | first }}" > when: find_sudoedit.matched > 0 > >- name: Inserts/replaces the sudoedit rule in rules.d > lineinfile: > path: "{{ all_files[0] }}" > line: '-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' > create: yes > tags: > - audit_rules_privileged_commands_sudoedit > - medium_severity > - restrict_strategy > - low_complexity > - low_disruption > - CCE-80402-1 > - NIST-800-53-AU-3(1) > - NIST-800-53-AU-12(c) > - NIST-800-171-3.1.7 > - DISA-STIG-RHEL-07-030730 > ># Inserts/replaces the sudoedit rule in /etc/audit/audit.rules > >- name: Inserts/replaces the sudoedit rule in audit.rules > lineinfile: > path: /etc/audit/audit.rules > line: '-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' > create: yes > tags: > - audit_rules_privileged_commands_sudoedit > - medium_severity > - restrict_strategy > - low_complexity > - low_disruption > - CCE-80402-1 > - NIST-800-53-AU-3(1) > - NIST-800-53-AU-12(c) > - NIST-800-171-3.1.7 > - DISA-STIG-RHEL-07-030730 ></code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" id="rule-detail-idm45508564751376"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - mountxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - mount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" id="rule-detail-idm45508564748336"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newuidmapxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-detail-idm45508564745264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - gpasswdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd mediumCCE-80397-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80397-3">CCE-80397-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030650</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86777r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-detail-idm45508564739232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - suxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su mediumCCE-80400-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - su</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80400-5">CCE-80400-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030680</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86783r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-detail-idm45508564735504"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newgrpxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp mediumCCE-80403-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80403-9">CCE-80403-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030710</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86789r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of >privileged commands for all users and root. If the <code>auditd</code> daemon is >configured to use the <code>augenrules</code> program to read audit rules during >daemon startup (the default), add a line of the following form to a file with >suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add a line of the following >form to <code>/etc/audit/audit.rules</code>: ><pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by >authorized users, or by unauthorized external entities that have compromised system accounts, >is a serious and ongoing concern and can have significant adverse impacts on organizations. >Auditing the use of privileged functions is one way to detect such misuse and identify >the risk from insider and advanced persistent threast. ><br><br> >Privileged programs are subject to escalation-of-privilege attacks, >which attempt to subvert their normal role of providing some necessary but >limited capability. As such, motivation exists to monitor these programs for >unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-detail-idm45508564731808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - renameatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion >attempts for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" id="rule-detail-idm45508564728736"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - chmodxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S chmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S chmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S chmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S chmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write" id="rule-detail-idm45508564725664"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - open O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - open O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for >all users and root. The <code>open</code> syscall can be used to modify files >if called for write operation of with O_TRUNC flag. >The following auidt rules will asure that unsuccessful attempts to modify a >file via <code>open</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" id="rule-detail-idm45508564722560"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - fchownatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat" id="rule-detail-idm45508564719456"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - openat O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - openat O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for >all users and root. The <code>openat</code> syscall can be used to create new files >when O_CREAT flag is specified. >The following auidt rules will asure that unsuccessful attempts to create a >file via <code>openat</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" id="rule-detail-idm45508564716352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - lchownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S lchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S lchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S lchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S lchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-detail-idm45508564713280"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - truncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate mediumCCE-80389-0 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - truncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80389-0">CCE-80389-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030540</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86755r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" id="rule-detail-idm45508564709568"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - removexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S removexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S removexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S removexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S removexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" id="rule-detail-idm45508564706480"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - chownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S chown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S chown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S chown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S chown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" id="rule-detail-idm45508564703408"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - fchownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" id="rule-detail-idm45508564700336"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fchmodat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fchmodat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fchmodat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fchmodat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" id="rule-detail-idm45508564697264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - setxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S setxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S setxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S setxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S setxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" id="rule-detail-idm45508564694192"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S lremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S lremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S lremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S lremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-detail-idm45508564691104"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - creatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat mediumCCE-80385-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - creat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80385-8">CCE-80385-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030500</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86747r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat" id="rule-detail-idm45508564687392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - open O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - open O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for >all users and root. The <code>open</code> syscall can be used to create new files >when O_CREAT flag is specified. >The following auidt rules will asure that unsuccessful attempts to create a >file via <code>open</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" id="rule-detail-idm45508564684304"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-detail-idm45508564681216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - unlinkxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion >attempts for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" id="rule-detail-idm45508564678144"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order" id="rule-detail-idm45508564675072"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file >accesses for all users and root. >To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access >of files via <code>openat</code> syscall the audit rules collecting these events need to be in certain order. >The more specific rules need to come before the less specific rules. The reason for that is that more >specific rules cover a subset of events covered in the less specific rules, thus, they need to come >before to not be overshadowed by less specific rules, which match a bigger set of events. >Make sure that rules for unsuccessful calls of <code>openat</code> syscall are in the order shown below. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), check the order of >rules below in a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, check the order of rules below in ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. >By ordering them from more specific to less specific, it is assured that the less specific >rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order" id="rule-detail-idm45508564671968"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file >accesses for all users and root. >To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access >of files via <code>open</code> syscall the audit rules collecting these events need to be in certain order. >The more specific rules need to come before the less specific rules. The reason for that is that more >specific rules cover a subset of events covered in the less specific rules, thus, they need to come >before to not be overshadowed by less specific rules, which match a bigger set of events. >Make sure that rules for unsuccessful calls of <code>open</code> syscall are in the order shown below. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), check the order of >rules below in a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, check the order of rules below in ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. >By ordering them from more specific to less specific, it is assured that the less specific >rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-detail-idm45508564668864"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - openxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open mediumCCE-80386-6 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - open</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80386-6">CCE-80386-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030510</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86749r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" id="rule-detail-idm45508564665152"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S lsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S lsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S lsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S lsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat" id="rule-detail-idm45508564662080"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for >all users and root. The <code>open_by_handle_at</code> syscall can be used to create new files >when O_CREAT flag is specified. >The following auidt rules will asure that unsuccessful attempts to create a >file via <code>open_by_handle_at</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-detail-idm45508564658976"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_atxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at mediumCCE-80388-2 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80388-2">CCE-80388-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030530</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86753r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-detail-idm45508564655232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate mediumCCE-80390-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80390-8">CCE-80390-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030550</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86757r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S ftruncate -F exiu=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order" id="rule-detail-idm45508564651520"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file >accesses for all users and root. >To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access >of files via <code>open_by_handle_at</code> syscall the audit rules collecting these events need to be in certain order. >The more specific rules need to come before the less specific rules. The reason for that is that more >specific rules cover a subset of events covered in the less specific rules, thus, they need to come >before to not be overshadowed by less specific rules, which match a bigger set of events. >Make sure that rules for unsuccessful calls of <code>open_by_handle_at</code> syscall are in the order shown below. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), check the order of >rules below in a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, check the order of rules below in ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access >-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. >By ordering them from more specific to less specific, it is assured that the less specific >rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-detail-idm45508564648400"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion >attempts for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write" id="rule-detail-idm45508564645328"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - openat O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - openat O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for >all users and root. The <code>openat</code> syscall can be used to modify files >if called for write operation of with O_TRUNC flag. >The following auidt rules will asure that unsuccessful attempts to modify a >file via <code>openat</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" id="rule-detail-idm45508564639872"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fchmodxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change >attempts for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S fchmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b32 -S fchmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> >If the system is 64 bit then also add the following lines: ><pre>-a always,exit -F arch=b64 -S fchmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change >-a always,exit -F arch=b64 -S fchmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the audit rule checks a >system call independently of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write" id="rule-detail-idm45508564636752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for >all users and root. The <code>open_by_handle_at</code> syscall can be used to modify files >if called for write operation of with O_TRUNC flag. >The following auidt rules will asure that unsuccessful attempts to modify a >file via <code>open_by_handle_at</code> syscall are collected. >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rules below to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rules below to ><code>/etc/audit/audit.rules</code> file. ><pre> >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification >-a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification ></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-detail-idm45508564633616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - openatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat mediumCCE-80387-4 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - openat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80387-4">CCE-80387-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030520</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86751r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file >accesses for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access >-a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping these system >calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-detail-idm45508564629904"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - renamexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion >attempts for all users and root. If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file. ><pre>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> >If the system is 64 bit then also add the following lines: ><pre> >-a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete >-a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing >these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-detail-idm45508564626832"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects System Administrator Actionsxccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions unknownCCE-27461-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects System Administrator Actions</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27461-3">CCE-27461-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030700</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86787r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000130</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(7)(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">iAU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5.b</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000037-GPOS-00015</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000462-GPOS-00206</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect administrator actions >for all users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the default), >add the following line to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>: ><pre>-w /etc/sudoers -p wa -k actions >-w /etc/sudoers.d/ -p wa -k actions</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-w /etc/sudoers -p wa -k actions >-w /etc/sudoers.d/ -p wa -k actions</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The actions taken by system administrators should be audited to keep a record >of what was executed on the system, as well as, for accountability purposes.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at" id="rule-detail-idm45508564618416"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at" id="rule-detail-idm45508564615312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all group and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open" id="rule-detail-idm45508564612256"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S open -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-detail-idm45508564609216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Informationxccdf_org.ssgproject.content_rule_audit_rules_session_events unknownCCE-27301-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27301-1">CCE-27301-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects process information for all >users and root. If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual >edits of files involved in storing such process information: ><pre>-w /var/run/utmp -p wa -k session >-w /var/log/btmp -p wa -k session >-w /var/log/wtmp -p wa -k session</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file in order to watch for attempted manual >edits of files involved in storing such process information: ><pre>-w /var/run/utmp -p wa -k session >-w /var/log/btmp -p wa -k session >-w /var/log/wtmp -p wa -k session</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such >as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat" id="rule-detail-idm45508564605536"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via openat syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via openat syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S openat -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S openat -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-detail-idm45508564602496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Make the auditd Configuration Immutablexccdf_org.ssgproject.content_rule_audit_rules_immutable mediumCCE-27097-5 </div><div class="panel-heading"><h3 class="panel-title">Make the auditd Configuration Immutable</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_immutable</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27097-5">CCE-27097-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.18</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.3</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code> in order to make the auditd configuration >immutable: ><pre>-e 2</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file in order to make the auditd configuration >immutable: ><pre>-e 2</pre> >With this setting, a reboot will be required to change any audit rules.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Making the audit configuration immutable prevents accidental as >well as malicious modification of the audit rules, although it may be >problematic if legitimate changes are needed during system >operation</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open" id="rule-detail-idm45508564598848"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_open medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S open -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S open -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-detail-idm45508564595808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/shadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow mediumCCE-80431-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/shadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80431-0">CCE-80431-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030873</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87823r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches >will alert the system administrator(s) to any modifications. Any unexpected >users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat" id="rule-detail-idm45508564592096"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via openat syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via openat syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. >If the <code>auditd</code> daemon is configured >to use the <code>augenrules</code> program to read audit rules during daemon >startup (the default), add the following lines to a file with suffix ><code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: ><pre>-a always,exit -F arch=b32 -S openat -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file: ><pre>-a always,exit -F arch=b64 -S openat -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > Note that these rules can be configured in a >number of ways while still achieving the desired effect. Here the system calls >have been placed independent of other system calls. Grouping system calls related >to the same event is more efficient. See the following example: ><pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_directory_access_var_log_audit" id="rule-detail-idm45508564589056"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Access Events to Audit Log directoryxccdf_org.ssgproject.content_rule_directory_access_var_log_audit unknown</div><div class="panel-heading"><h3 class="panel-title">Record Access Events to Audit Log directory</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_directory_access_var_log_audit</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect access events to read audit log directory. >The following audit rule will assure that access to audit log directory are >collected. ><pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre> >If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> >program to read audit rules during daemon startup (the default), add the >rule to a file with suffix <code>.rules</code> in the directory ><code>/etc/audit/rules.d</code>. >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the rule to ><code>/etc/audit/audit.rules</code> file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system. >Auditing these events could serve as evidence of potential system compromise.'</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-detail-idm45508564579552"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/security/opasswdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd mediumCCE-80430-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/security/opasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80430-2">CCE-80430-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030874</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87825r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches >will alert the system administrator(s) to any modifications. Any unexpected >users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-detail-idm45508564575792"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Mandatory Access Controlsxccdf_org.ssgproject.content_rule_audit_rules_mac_modification unknownCCE-27168-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Mandatory Access Controls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_mac_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27168-4">CCE-27168-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.7</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following line to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>: ><pre>-w /etc/selinux/ -p wa -k MAC-policy</pre> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following line to ><code>/etc/audit/audit.rules</code> file: ><pre>-w /etc/selinux/ -p wa -k MAC-policy</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The system's mandatory access policy (SELinux) should not be >arbitrarily changed by anything other than administrator action. All changes to >MAC policy should be audited.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-detail-idm45508564567392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/gshadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow mediumCCE-80432-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/gshadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80432-8">CCE-80432-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030872</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87819r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches >will alert the system administrator(s) to any modifications. Any unexpected >users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-detail-idm45508564563632"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd mediumCCE-80435-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80435-1">CCE-80435-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030870</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86821r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000239-GPOS-00089</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000240-GPOS-00090</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000241-GPOS-00091</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000303-GPOS-00120</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000476-GPOS-00221</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches >will alert the system administrator(s) to any modifications. Any unexpected >users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-detail-idm45508564559920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group mediumCCE-80433-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80433-6">CCE-80433-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030871</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87817r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the ><code>augenrules</code> program to read audit rules during daemon startup (the >default), add the following lines to a file with suffix <code>.rules</code> in the >directory <code>/etc/audit/rules.d</code>, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre> ><br><br> >If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> >utility to read audit rules during daemon startup, add the following lines to ><code>/etc/audit/audit.rules</code> file, in order to capture events that modify >account changes: ><br><br> ><pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches >will alert the system administrator(s) to any modifications. Any unexpected >users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" id="rule-detail-idm45508564556224"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Extend Audit Backlog Limit for the Audit Daemonxccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Extend Audit Backlog Limit for the Audit Daemon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To improve the kernel capacity to queue all log events, even those which occurred >prior to the audit daemon, add the argument <code>audit_backlog_limit=8192</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 audit=1 audit_backlog_limit=8192"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>audit_backlog_limit sets the queue length for audit events awaiting transfer >to the audit daemon. Until the audit daemon is up and running, all log messages >are stored in this queue. If the queue is overrun during boot process, the action >defined by audit failure flag is taken.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > The GRUB 2 configuration file, <code>grub.cfg</code>, >is automatically updated each time a new kernel is installed. Note that any >changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> >file. To update the GRUB 2 configuration file manually, use the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: > ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="rule-detail-idm45508564553184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable Auditing for Processes Which Start Prior to the Audit Daemonxccdf_org.ssgproject.content_rule_grub2_audit_argument mediumCCE-27212-0 </div><div class="panel-heading"><h3 class="panel-title">Enable Auditing for Processes Which Start Prior to the Audit Daemon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_audit_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27212-0">CCE-27212-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.3</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001464</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure all processes can be audited, even those which start >prior to the audit daemon, add the argument <code>audit=1</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 audit=1"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Each process on the system carries an "auditable" flag which indicates whether >its activities can be audited. Although <code>auditd</code> takes care of enabling >this for all processes which launch after it does, adding the kernel argument >ensures it is set for every process during boot.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > The GRUB 2 configuration file, <code>grub.cfg</code>, >is automatically updated each time a new kernel is installed. Note that any >changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> >file. To update the GRUB 2 configuration file manually, use the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_service_auditd_enabled" id="rule-detail-idm45508564547792"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable auditd Servicexccdf_org.ssgproject.content_rule_service_auditd_enabled highCCE-27407-6 </div><div class="panel-heading"><h3 class="panel-title">Enable auditd Service</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27407-6">CCE-27407-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030000</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86703r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000131</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000038-GPOS-00016</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000039-GPOS-00017</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00021</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000254-GPOS-00095</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000255-GPOS-00096</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>auditd</code> service is an essential userspace component of >the Linux Auditing System, as it is responsible for writing audit records to >disk. > >The <code>auditd</code> service can be enabled with the following command: ><pre>$ sudo systemctl enable auditd.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Without establishing what type of events occurred, it would be difficult >to establish, correlate, and investigate the events leading up to an outage or attack. >Ensuring the <code>auditd</code> service is active ensures audit records >generated by the kernel are appropriately recorded. ><br><br> >Additionally, a properly configured audit subsystem ensures that actions of >individual system users can be uniquely traced to those users so they >can be held accountable for their actions.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" id="rule-detail-idm45508564487008"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable SLUB/SLAB allocator poisoningxccdf_org.ssgproject.content_rule_grub2_slub_debug_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Enable SLUB/SLAB allocator poisoning</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To enable poisoning of SLUB/SLAB objects, >add the argument <code>slub_debug=P</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="slub_debug=P"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Poisoning writes an arbitrary value to freed objects, so any modification or >reference to that object after being freed or before being initialized will be >detected and prevented. >This prevents many types of use-after-free vulnerabilities at little performance cost. >Also prevents leak of data and detection of corrupted memory.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > The GRUB 2 configuration file, <code>grub.cfg</code>, >is automatically updated each time a new kernel is installed. Note that any >changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> >file. To update the GRUB 2 configuration file manually, use the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: > ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" id="rule-detail-idm45508564483920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable page allocator poisoningxccdf_org.ssgproject.content_rule_grub2_page_poison_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Enable page allocator poisoning</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_page_poison_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To enable poisoning of free pages, >add the argument <code>page_poison=1</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="page_poison=1"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Poisoning writes an arbitrary value to freed pages, so any modification or >reference to that page after being freed or before being initialized will be >detected and prevented. >This prevents many types of use-after-free vulnerabilities at little performance cost. >Also prevents leak of data and detection of corrupted memory.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > The GRUB 2 configuration file, <code>grub.cfg</code>, >is automatically updated each time a new kernel is installed. Note that any >changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> >file. To update the GRUB 2 configuration file manually, use the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: > ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" id="rule-detail-idm45508564471392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict exposed kernel pointers addresses accessxccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict low</div><div class="panel-heading"><h3 class="panel-title">Restrict exposed kernel pointers addresses access</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R23)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.kptr_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kptr_restrict=1</pre> >If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.kptr_restrict = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Exposing kernel pointers (through procfs or <code>seq_printf()</code>) exposes >kernel writeable structures that can contain functions pointers. If a write vulnereability occurs >in the kernel allowing a write access to any of this structure, the kernel can be compromise. This >option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses, >replacing them with 0.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" id="rule-detail-idm45508564463584"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable kernel image loadingxccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled unknown</div><div class="panel-heading"><h3 class="panel-title">Disable kernel image loading</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.kexec_load_disabled</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kexec_load_disabled=1</pre> >If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.kexec_load_disabled = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Disabling kexec_load allows greater control of the kernel memory. >It makes it impossible to load another kernel image after it has been disabled. ></p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" id="rule-detail-idm45508564460496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable vsyscallsxccdf_org.ssgproject.content_rule_grub2_vsyscall_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Disable vsyscalls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To disable use of virtual syscalls, >add the argument <code>vsyscall=none</code> to the default >GRUB 2 command line for the Linux operating system in ><code>/etc/default/grub</code>, in the manner below: ><pre>GRUB_CMDLINE_LINUX="vsyscall=none"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Virtual Syscalls provide an opportunity of attack for a user who has control >of the return instruction pointer.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â > The GRUB 2 configuration file, <code>grub.cfg</code>, >is automatically updated each time a new kernel is installed. Note that any >changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> >file. To update the GRUB 2 configuration file manually, use the ><pre>grub2-mkconfig -o</pre> command as follows: ><ul><li>On BIOS-based machines, issue the following command as <code>root</code>: ><pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: > ><pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" id="rule-detail-idm45508564457472"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict usage of ptrace to descendant processesxccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope unknown</div><div class="panel-heading"><h3 class="panel-title">Restrict usage of ptrace to descendant processes</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.yama.ptrace_scope</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.yama.ptrace_scope=1</pre> >If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.yama.ptrace_scope = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unrestricted usage of ptrace allows compromised binaries to run ptrace >on another processes of the user. Like this, the attacker can steal >sensitive information from the target processes (e.g. SSH sessions, web browser, ...) >without any additional assistance from the user (i.e. without resorting to phishing). ></p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" id="rule-detail-idm45508564454432"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict Access to Kernel Message Bufferxccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict unknownCCE-27050-4 </div><div class="panel-heading"><h3 class="panel-title">Restrict Access to Kernel Message Buffer</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27050-4">CCE-27050-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001314</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-11</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg_restrict=1</pre> >If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.dmesg_restrict = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unprivileged access to the kernel syslog can expose sensitive kernel >address information.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" id="rule-detail-idm45508564450752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add noexec Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec unknownCCE-80153-0 </div><div class="panel-heading"><h3 class="panel-title">Add noexec Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80153-0">CCE-80153-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>noexec</code> mount option can be used to prevent binaries >from being executed out of <code>/dev/shm</code>. >It can be dangerous to allow the execution of binaries >from world-writable temporary storage directories such as <code>/dev/shm</code>. >Add the <code>noexec</code> option to the fourth column of ><code>/etc/fstab</code> for the line which controls mounting of ><code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Allowing users to execute binaries from world-writable directories >such as <code>/dev/shm</code> can expose the system to potential compromise.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>Â Â Â <a data-toggle="collapse" data-target="#idm45508567644992">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508567644992"><pre><code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_include_mount_options_functions">function include_mount_options_functions { > : >} > ># $1: mount point ># $2: new mount point option >function ensure_mount_option_in_fstab { > local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp="" _previous_mount_opts="" > _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")" > > if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c "$_new_opt" ) -eq 0 ]; then > _previous_mount_opts=$(grep "$_mount_point_match_regexp" /etc/fstab | awk '{print $4}') > sed -i "s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|" /etc/fstab > fi >} > ># $1: mount point >function get_mount_point_regexp { > printf "[[:space:]]%s[[:space:]]" "$1" >} > ># $1: mount point >function assert_mount_point_in_fstab { > local _mount_point_match_regexp > _mount_point_match_regexp="$(get_mount_point_regexp "$1")" > grep "$_mount_point_match_regexp" -q /etc/fstab \ > || { echo "The mount point '$1' is not even in /etc/fstab, so we can't set up mount options" >&2; return 1; } >} > ># $1: mount point >function remove_defaults_from_fstab_if_overriden { > local _mount_point_match_regexp > _mount_point_match_regexp="$(get_mount_point_regexp "$1")" > if $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q "defaults,") > then > sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|" /etc/fstab > fi >} > ># $1: mount point >function ensure_partition_is_mounted { > local _mount_point="$1" > mkdir -p "$_mount_point" || return 1 > if mountpoint -q "$_mount_point"; then > mount -o remount --target "$_mount_point" > else > mount --target "$_mount_point" > fi >} ></abbr> >include_mount_options_functions > >function perform_remediation { > # test "$mount_has_to_exist" = 'yes' > if test "yes" = 'yes'; then > assert_mount_point_in_fstab /dev/shm || { echo "Not remediating, because there is no record of /dev/shm in /etc/fstab" >&2; return 1; } > fi > > ensure_mount_option_in_fstab "/dev/shm" "noexec" > > ensure_partition_is_mounted "/dev/shm" >} > >perform_remediation ></code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>Â Â Â <a data-toggle="collapse" data-target="#idm45508567646800">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508567646800"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>high</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: get back device associated to mountpoint > shell: mount | grep ' /dev/shm ' |cut -d ' ' -f 1 > register: device_name > check_mode: no > tags: > - mount_option_dev_shm_noexec > - unknown_severity > - configure_strategy > - low_complexity > - high_disruption > - CCE-80153-0 > - NIST-800-53-CM-7 > - NIST-800-53-MP-2 > >- name: get back device previous mount option > shell: mount | grep ' /dev/shm ' | sed -re 's:.*\((.*)\):\1:' > register: device_cur_mountoption > check_mode: no > tags: > - mount_option_dev_shm_noexec > - unknown_severity > - configure_strategy > - low_complexity > - high_disruption > - CCE-80153-0 > - NIST-800-53-CM-7 > - NIST-800-53-MP-2 > >- name: get back device fstype > shell: mount | grep ' /dev/shm ' | cut -d ' ' -f 5 > register: device_fstype > check_mode: no > tags: > - mount_option_dev_shm_noexec > - unknown_severity > - configure_strategy > - low_complexity > - high_disruption > - CCE-80153-0 > - NIST-800-53-CM-7 > - NIST-800-53-MP-2 > >- name: Ensure permission noexec are set on /dev/shm > mount: > path: "/dev/shm" > src: "{{device_name.stdout}}" > opts: "{{device_cur_mountoption.stdout}},noexec" > state: "mounted" > fstype: "{{device_fstype.stdout}}" > tags: > - mount_option_dev_shm_noexec > - unknown_severity > - configure_strategy > - low_complexity > - high_disruption > - CCE-80153-0 > - NIST-800-53-CM-7 > - NIST-800-53-MP-2 ></code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" id="rule-detail-idm45508564423856"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add nosuid Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid unknownCCE-80154-8 </div><div class="panel-heading"><h3 class="panel-title">Add nosuid Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80154-8">CCE-80154-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.16</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>nosuid</code> mount option can be used to prevent execution >of setuid programs in <code>/dev/shm</code>. The SUID and SGID permissions should not >be required in these world-writable directories. >Add the <code>nosuid</code> option to the fourth column of ><code>/etc/fstab</code> for the line which controls mounting of ><code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The presence of SUID and SGID executables should be tightly controlled. Users >should not be able to execute SUID or SGID binaries from temporary storage partitions.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" id="rule-detail-idm45508564414896"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add nodev Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev unknownCCE-80152-2 </div><div class="panel-heading"><h3 class="panel-title">Add nodev Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â > <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80152-2">CCE-80152-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â > <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.15</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>nodev</code> mount option can be used to prevent creation >of device files in <code>/dev/shm</code>. >Legitimate character and block devices should not exist >within temporary directories like <code>/dev/shm</code>. >Add the <code>nodev</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of <code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The only legitimate location for device files is the <code>/dev</code> directory >located on the root partition. The only exception to this is chroot jails.</p></div></td></tr></tbody></table></div></div><a href="#result-details"><button type="button" class="btn btn-secondary">Scroll back to the first rule</button></a></div><div id="rear-matter"><div class="row top-spacer-10"><div class="col-md-12 well well-lg"><div class="rear-matter">Red Hat and Red Hat Enterprise Linux are either registered >trademarks or trademarks of Red Hat, Inc. in the United States and other >countries. All other names are registered trademarks or trademarks of their >respective companies. ></div></div></div></div></div></div><footer id="footer"><div class="container"><p class="muted credit"> > Generated using <a href="http://open-scap.org">OpenSCAP</a> 1.2.17</p></div></footer></body></html>
<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta charset="utf-8"></meta><meta http-equiv="X-UA-Compatible" content="IE=edge"></meta><meta name="viewport" content="width=device-width, initial-scale=1"></meta><title>xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_ospp42 | OpenSCAP Evaluation Report</title><style> /*! * Bootstrap v3.3.7 (http://getbootstrap.com) * Copyright 2011-2016 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ /*! * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf) * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf *//*! * Bootstrap v3.3.7 (http://getbootstrap.com) * Copyright 2011-2016 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#428bca}a.text-primary:hover,a.text-primary:focus{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover,a.bg-primary:focus{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#777;opacity:1}.form-control:-ms-input-placeholder{color:#777}.form-control::-webkit-input-placeholder{color:#777}.form-control::-ms-expand{border:0;background-color:transparent}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:7px;padding-bottom:7px;margin-bottom:0;min-height:34px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.33}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:7px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#3071a9;border-color:#193c5a}.btn-primary:hover{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#285e8e;border-color:#193c5a}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-top-left-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#777}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#777}.navbar-inverse .navbar-nav>li>a{color:#777}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#777}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#777}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#fff;line-height:1;vertical-align:middle;white-space:nowrap;text-align:center;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#428bca}.panel-primary>.panel-heading .badge{color:#428bca;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}table.treetable span.indenter{display:inline-block;text-align:right;user-select:none;-khtml-user-select:none;-moz-user-select:none;-o-user-select:none;-webkit-user-select:none;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;width:19px;margin:0;padding:0;}table.treetable span.indenter a{background-position:left center;background-repeat:no-repeat;display:inline-block;text-decoration:none;width:19px;}table.treetable tr.collapsed span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHlJREFUeNrcU1sNgDAQ6wgmcAM2MICGGlg1gJnNzWQcvwQGy1j4oUl/7tH0mpwzM7SgQyO+EZAUWh2MkkzSWhJwuRAlHYsJwEwyvs1gABDuzqoJcTw5qxaIJN0bgQRgIjnlmn1heSO5PE6Y2YXe+5Cr5+h++gs12AcAS6FS+7YOsj4AAAAASUVORK5CYII=);}table.treetable tr.expanded span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHFJREFUeNpi/P//PwMlgImBQsA44C6gvhfa29v3MzAwOODRc6CystIRbxi0t7fjDJjKykpGYrwwi1hxnLHQ3t7+jIGBQRJJ6HllZaUUKYEYRYBPOB0gBShKwKGA////48VtbW3/8clTnBIH3gCKkzJgAGvBX0dDm0sCAAAAAElFTkSuQmCC);}table.treetable tr.branch{background-color:#f9f9f9;}table.treetable tr.selected{background-color:#3875d7;color:#fff;}table.treetable tr span.indenter a{outline:none;}tr.rule-overview-needs-attention td a{color:#d9534f;}td.rule-result div,span.rule-result{text-align:center;font-weight:700;color:#fff;background:gray;}td.rule-result-unknown div,span.rule-result-unknown{background:#f0ad4e;}.js-only{display:none;}.rule-detail-fail,.rule-detail-error,.rule-detail-unknown{border:2px solid #d9534f;}#footer{text-align:center;margin-top:50px;}pre{overflow:auto!important;word-wrap:normal!important;white-space:pre-wrap;}div.check-system-details,div.remediation,div.description{display:inline-block;width:0;min-width:100%;overflow-x:auto;}div.profile-description{white-space:pre-wrap;}div.modal-body{margin:50px;padding:0;}div.horizontal-scroll{overflow-x:auto;}div.top-spacer-10{margin-top:10px;}td.rule-result-fail div,span.rule-result-fail,td.rule-result-error div,span.rule-result-error{background:#d9534f;}td.rule-result-pass div,span.rule-result-pass,td.rule-result-fixed div,span.rule-result-fixed{background:#5cb85c;}.rule-result-filtered,.rule-result-filtered > *,.search-no-match,.search-no-match > *{display:none!important;}@media print{.container{width:100%;}.rule-result abbr[title]:after,.identifiers abbr[title]:after,.identifiers a[href]:after{content:"";}}</style><script> /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */ !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(!l.ownFirst)for(b in a)return k.call(a,b);for(b in a);return void 0===b||k.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?i[j.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(h)return h.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=e.call(arguments,2),d=function(){return a.apply(b||this,c.concat(e.call(arguments)))},d.guid=a.guid=a.guid||n.guid++,d):void 0},now:function(){return+new Date},support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){i["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=!!a&&"length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+L+"*\\]",O=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+N+")*)|.*)\\)|)",P=new RegExp(L+"+","g"),Q=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),R=new RegExp("^"+L+"*,"+L+"*"),S=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),T=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),U=new RegExp(O),V=new RegExp("^"+M+"$"),W={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,_=/[+~]/,aa=/'|\\/g,ba=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),ca=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},da=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(ea){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fa(a,b,d,e){var f,h,j,k,l,o,r,s,w=b&&b.ownerDocument,x=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==x&&9!==x&&11!==x)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==x&&(o=$.exec(a)))if(f=o[1]){if(9===x){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(w&&(j=w.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(o[2])return H.apply(d,b.getElementsByTagName(a)),d;if((f=o[3])&&c.getElementsByClassName&&b.getElementsByClassName)return H.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==x)w=b,s=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)||b}if(s)try{return H.apply(d,w.querySelectorAll(s)),d}catch(y){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(Q,"$1"),b,d,e)}function ga(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ha(a){return a[u]=!0,a}function ia(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ja(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function ka(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function la(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=fa.support={},f=fa.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ia(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ia(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Z.test(n.getElementsByClassName),c.getById=ia(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ia(function(a){var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Z.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ia(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",O)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Z.test(o.compareDocumentPosition),t=b||Z.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return ka(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?ka(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},fa.matches=function(a,b){return fa(a,null,null,b)},fa.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(T,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fa(b,n,null,[a]).length>0},fa.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fa.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fa.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fa.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fa.selectors={cacheLength:50,createPseudo:ha,match:W,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ba,ca),a[3]=(a[3]||a[4]||a[5]||"").replace(ba,ca),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fa.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fa.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return W.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&U.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ba,ca).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fa.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(P," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fa.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ha(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ha(function(a){return V.test(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Y.test(a.nodeName)},input:function(a){return X.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:na(function(){return[0]}),last:na(function(a,b){return[b-1]}),eq:na(function(a,b,c){return[0>c?c+b:c]}),even:na(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:na(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:na(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:na(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=la(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=ma(b);function pa(){}pa.prototype=d.filters=d.pseudos,d.setFilters=new pa,g=fa.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=R.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=S.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(Q," ")}),h=h.slice(c.length));for(g in d.filter)!(e=W[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?fa.error(a):z(a,i).slice(0)};function qa(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function ra(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j,k=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(j=b[u]||(b[u]={}),i=j[b.uniqueID]||(j[b.uniqueID]={}),(h=i[d])&&h[0]===w&&h[1]===f)return k[2]=h[2];if(i[d]=k,k[2]=a(b,c,g))return!0}}}function sa(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ta(a,b,c){for(var d=0,e=b.length;e>d;d++)fa(a,b[d],c);return c}function ua(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function va(a,b,c,d,e,f){return d&&!d[u]&&(d=va(d)),e&&!e[u]&&(e=va(e,f)),ha(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ta(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ua(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ua(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ua(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function wa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ra(function(a){return a===b},h,!0),l=ra(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[ra(sa(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return va(i>1&&sa(m),i>1&&qa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(Q,"$1"),c,e>i&&wa(a.slice(i,e)),f>e&&wa(a=a.slice(e)),f>e&&qa(a))}m.push(c)}return sa(m)}function xa(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=F.call(i));u=ua(u)}H.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&fa.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ha(f):f}return h=fa.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xa(e,d)),f.selector=a}return f},i=fa.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ba,ca),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=W.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ba,ca),_.test(j[0].type)&&oa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qa(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,!b||_.test(a)&&oa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ia(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ia(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ja("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ia(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ja("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ia(function(a){return null==a.getAttribute("disabled")})||ja(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fa}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.uniqueSort=n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},v=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},w=n.expr.match.needsContext,x=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,y=/^.[^:#\[\.,]*$/;function z(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(y.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>-1!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(z(this,a||[],!1))},not:function(a){return this.pushStack(z(this,a||[],!0))},is:function(a){return!!z(this,"string"==typeof a&&w.test(a)?n(a):a||[],!1).length}});var A,B=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=n.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||A,"string"==typeof a){if(e="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:B.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),x.test(e[1])&&n.isPlainObject(b))for(e in b)n.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}if(f=d.getElementById(e[2]),f&&f.parentNode){if(f.id!==e[2])return A.find(a);this.length=1,this[0]=f}return this.context=d,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof c.ready?c.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};C.prototype=n.fn,A=n(d);var D=/^(?:parents|prev(?:Until|All))/,E={children:!0,contents:!0,next:!0,prev:!0};n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=w.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.uniqueSort(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function F(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return u(a,"parentNode")},parentsUntil:function(a,b,c){return u(a,"parentNode",c)},next:function(a){return F(a,"nextSibling")},prev:function(a){return F(a,"previousSibling")},nextAll:function(a){return u(a,"nextSibling")},prevAll:function(a){return u(a,"previousSibling")},nextUntil:function(a,b,c){return u(a,"nextSibling",c)},prevUntil:function(a,b,c){return u(a,"previousSibling",c)},siblings:function(a){return v((a.parentNode||{}).firstChild,a)},children:function(a){return v(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(E[a]||(e=n.uniqueSort(e)),D.test(a)&&(e=e.reverse())),this.pushStack(e)}});var G=/\S+/g;function H(a){var b={};return n.each(a.match(G)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?H(a):n.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){n.each(b,function(b,c){n.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==n.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return n.each(arguments,function(a,b){var c;while((c=n.inArray(b,f,c))>-1)f.splice(c,1),h>=c&&h--}),this},has:function(a){return a?n.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=!0,c||j.disable(),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().progress(c.notify).done(c.resolve).fail(c.reject):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=e.call(arguments),d=c.length,f=1!==d||a&&n.isFunction(a.promise)?d:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?e.call(arguments):d,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(d>1)for(i=new Array(d),j=new Array(d),k=new Array(d);d>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().progress(h(b,j,i)).done(h(b,k,c)).fail(g.reject):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(d,[n]),n.fn.triggerHandler&&(n(d).triggerHandler("ready"),n(d).off("ready"))))}});function J(){d.addEventListener?(d.removeEventListener("DOMContentLoaded",K),a.removeEventListener("load",K)):(d.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(d.addEventListener||"load"===a.event.type||"complete"===d.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll)a.setTimeout(n.ready);else if(d.addEventListener)d.addEventListener("DOMContentLoaded",K),a.addEventListener("load",K);else{d.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&d.documentElement}catch(e){}c&&c.doScroll&&!function f(){if(!n.isReady){try{c.doScroll("left")}catch(b){return a.setTimeout(f,50)}J(),n.ready()}}()}return I.promise(b)},n.ready.promise();var L;for(L in n(l))break;l.ownFirst="0"===L,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c,e;c=d.getElementsByTagName("body")[0],c&&c.style&&(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",l.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(e))}),function(){var a=d.createElement("div");l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}a=null}();var M=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b},N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0; }return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(M(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),"object"!=typeof b&&"function"!=typeof b||(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f}}function S(a,b,c){if(M(a)){var d,e,f=a.nodeType,g=f?n.cache:a,h=f?a[n.expando]:n.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){n.isArray(b)?b=b.concat(n.map(b,n.camelCase)):b in d?b=[b]:(b=n.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!Q(d):!n.isEmptyObject(d))return}(c||(delete g[h].data,Q(g[h])))&&(f?n.cleanData([a],!0):l.deleteExpando||g!=g.window?delete g[h]:g[h]=void 0)}}}n.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?n.cache[a[n.expando]]:a[n.expando],!!a&&!Q(a)},data:function(a,b,c){return R(a,b,c)},removeData:function(a,b){return S(a,b)},_data:function(a,b,c){return R(a,b,c,!0)},_removeData:function(a,b){return S(a,b,!0)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=n.data(f),1===f.nodeType&&!n._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));n._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){n.data(this,a)}):arguments.length>1?this.each(function(){n.data(this,a,b)}):f?P(f,a,n.data(f,a)):void 0},removeData:function(a){return this.each(function(){n.removeData(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=n._data(a,b),c&&(!d||n.isArray(c)?d=n._data(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return n._data(a,c)||n._data(a,c,{empty:n.Callbacks("once memory").add(function(){n._removeData(a,b+"queue"),n._removeData(a,c)})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=n._data(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}}),function(){var a;l.shrinkWrapBlocks=function(){if(null!=a)return a;a=!1;var b,c,e;return c=d.getElementsByTagName("body")[0],c&&c.style?(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:1px;width:1px;zoom:1",b.appendChild(d.createElement("div")).style.width="5px",a=3!==b.offsetWidth),c.removeChild(e),a):void 0}}();var T=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,U=new RegExp("^(?:([+-])=|)("+T+")([a-z%]*)$","i"),V=["Top","Right","Bottom","Left"],W=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)};function X(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return n.css(a,b,"")},i=h(),j=c&&c[3]||(n.cssNumber[b]?"":"px"),k=(n.cssNumber[b]||"px"!==j&&+i)&&U.exec(n.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,n.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var Y=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)Y(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},Z=/^(?:checkbox|radio)$/i,$=/<([\w:-]+)/,_=/^$|\/(?:java|ecma)script/i,aa=/^\s+/,ba="abbr|article|aside|audio|bdi|canvas|data|datalist|details|dialog|figcaption|figure|footer|header|hgroup|main|mark|meter|nav|output|picture|progress|section|summary|template|time|video";function ca(a){var b=ba.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}!function(){var a=d.createElement("div"),b=d.createDocumentFragment(),c=d.createElement("input");a.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",l.leadingWhitespace=3===a.firstChild.nodeType,l.tbody=!a.getElementsByTagName("tbody").length,l.htmlSerialize=!!a.getElementsByTagName("link").length,l.html5Clone="<:nav></:nav>"!==d.createElement("nav").cloneNode(!0).outerHTML,c.type="checkbox",c.checked=!0,b.appendChild(c),l.appendChecked=c.checked,a.innerHTML="<textarea>x</textarea>",l.noCloneChecked=!!a.cloneNode(!0).lastChild.defaultValue,b.appendChild(a),c=d.createElement("input"),c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),a.appendChild(c),l.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,l.noCloneEvent=!!a.addEventListener,a[n.expando]=1,l.attributes=!a.getAttribute(n.expando)}();var da={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:l.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]};da.optgroup=da.option,da.tbody=da.tfoot=da.colgroup=da.caption=da.thead,da.th=da.td;function ea(a,b){var c,d,e=0,f="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||n.nodeName(d,b)?f.push(d):n.merge(f,ea(d,b));return void 0===b||b&&n.nodeName(a,b)?n.merge([a],f):f}function fa(a,b){for(var c,d=0;null!=(c=a[d]);d++)n._data(c,"globalEval",!b||n._data(b[d],"globalEval"))}var ga=/<|&#?\w+;/,ha=/<tbody/i;function ia(a){Z.test(a.type)&&(a.defaultChecked=a.checked)}function ja(a,b,c,d,e){for(var f,g,h,i,j,k,m,o=a.length,p=ca(b),q=[],r=0;o>r;r++)if(g=a[r],g||0===g)if("object"===n.type(g))n.merge(q,g.nodeType?[g]:g);else if(ga.test(g)){i=i||p.appendChild(b.createElement("div")),j=($.exec(g)||["",""])[1].toLowerCase(),m=da[j]||da._default,i.innerHTML=m[1]+n.htmlPrefilter(g)+m[2],f=m[0];while(f--)i=i.lastChild;if(!l.leadingWhitespace&&aa.test(g)&&q.push(b.createTextNode(aa.exec(g)[0])),!l.tbody){g="table"!==j||ha.test(g)?"<table>"!==m[1]||ha.test(g)?0:i:i.firstChild,f=g&&g.childNodes.length;while(f--)n.nodeName(k=g.childNodes[f],"tbody")&&!k.childNodes.length&&g.removeChild(k)}n.merge(q,i.childNodes),i.textContent="";while(i.firstChild)i.removeChild(i.firstChild);i=p.lastChild}else q.push(b.createTextNode(g));i&&p.removeChild(i),l.appendChecked||n.grep(ea(q,"input"),ia),r=0;while(g=q[r++])if(d&&n.inArray(g,d)>-1)e&&e.push(g);else if(h=n.contains(g.ownerDocument,g),i=ea(p.appendChild(g),"script"),h&&fa(i),c){f=0;while(g=i[f++])_.test(g.type||"")&&c.push(g)}return i=null,p}!function(){var b,c,e=d.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(l[b]=c in a)||(e.setAttribute(c,"t"),l[b]=e.attributes[c].expando===!1);e=null}();var ka=/^(?:input|select|textarea)$/i,la=/^key/,ma=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,na=/^(?:focusinfocus|focusoutblur)$/,oa=/^([^.]*)(?:\.(.+)|)/;function pa(){return!0}function qa(){return!1}function ra(){try{return d.activeElement}catch(a){}}function sa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)sa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=qa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return n().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=n.guid++)),a.each(function(){n.event.add(this,b,e,d,c)})}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=n.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return"undefined"==typeof n||a&&n.event.triggered===a.type?void 0:n.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(G)||[""],h=b.length;while(h--)f=oa.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=n.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=n.event.special[o]||{},l=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},i),(m=g[o])||(m=g[o]=[],m.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,l):m.push(l),n.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n.hasData(a)&&n._data(a);if(r&&(k=r.events)){b=(b||"").match(G)||[""],j=b.length;while(j--)if(h=oa.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=m.length;while(f--)g=m[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(m.splice(f,1),g.selector&&m.delegateCount--,l.remove&&l.remove.call(a,g));i&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(k)&&(delete r.handle,n._removeData(a,"events"))}},trigger:function(b,c,e,f){var g,h,i,j,l,m,o,p=[e||d],q=k.call(b,"type")?b.type:b,r=k.call(b,"namespace")?b.namespace.split("."):[];if(i=m=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!na.test(q+n.event.triggered)&&(q.indexOf(".")>-1&&(r=q.split("."),q=r.shift(),r.sort()),h=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=r.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:n.makeArray(c,[b]),l=n.event.special[q]||{},f||!l.trigger||l.trigger.apply(e,c)!==!1)){if(!f&&!l.noBubble&&!n.isWindow(e)){for(j=l.delegateType||q,na.test(j+q)||(i=i.parentNode);i;i=i.parentNode)p.push(i),m=i;m===(e.ownerDocument||d)&&p.push(m.defaultView||m.parentWindow||a)}o=0;while((i=p[o++])&&!b.isPropagationStopped())b.type=o>1?j:l.bindType||q,g=(n._data(i,"events")||{})[b.type]&&n._data(i,"handle"),g&&g.apply(i,c),g=h&&i[h],g&&g.apply&&M(i)&&(b.result=g.apply(i,c),b.result===!1&&b.preventDefault());if(b.type=q,!f&&!b.isDefaultPrevented()&&(!l._default||l._default.apply(p.pop(),c)===!1)&&M(e)&&h&&e[q]&&!n.isWindow(e)){m=e[h],m&&(e[h]=null),n.event.triggered=q;try{e[q]()}catch(s){}n.event.triggered=void 0,m&&(e[h]=m)}return b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,d,f,g,h=[],i=e.call(arguments),j=(n._data(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())a.rnamespace&&!a.rnamespace.test(g.namespace)||(a.handleObj=g,a.data=g.data,d=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==d&&(a.result=d)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>-1:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},fix:function(a){if(a[n.expando])return a;var b,c,e,f=a.type,g=a,h=this.fixHooks[f];h||(this.fixHooks[f]=h=ma.test(f)?this.mouseHooks:la.test(f)?this.keyHooks:{}),e=h.props?this.props.concat(h.props):this.props,a=new n.Event(g),b=e.length;while(b--)c=e[b],a[c]=g[c];return a.target||(a.target=g.srcElement||d),3===a.target.nodeType&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,h.filter?h.filter(a,g):a},props:"altKey bubbles cancelable ctrlKey currentTarget detail eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,e,f,g=b.button,h=b.fromElement;return null==a.pageX&&null!=b.clientX&&(e=a.target.ownerDocument||d,f=e.documentElement,c=e.body,a.pageX=b.clientX+(f&&f.scrollLeft||c&&c.scrollLeft||0)-(f&&f.clientLeft||c&&c.clientLeft||0),a.pageY=b.clientY+(f&&f.scrollTop||c&&c.scrollTop||0)-(f&&f.clientTop||c&&c.clientTop||0)),!a.relatedTarget&&h&&(a.relatedTarget=h===a.target?b.toElement:h),a.which||void 0===g||(a.which=1&g?1:2&g?3:4&g?2:0),a}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==ra()&&this.focus)try{return this.focus(),!1}catch(a){}},delegateType:"focusin"},blur:{trigger:function(){return this===ra()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return n.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c){var d=n.extend(new n.Event,c,{type:a,isSimulated:!0});n.event.trigger(d,null,b),d.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=d.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)}:function(a,b,c){var d="on"+b;a.detachEvent&&("undefined"==typeof a[d]&&(a[d]=null),a.detachEvent(d,c))},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?pa:qa):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={constructor:n.Event,isDefaultPrevented:qa,isPropagationStopped:qa,isImmediatePropagationStopped:qa,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=pa,a&&(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=pa,a&&!this.isSimulated&&(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=pa,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||n.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),l.submit||(n.event.special.submit={setup:function(){return n.nodeName(this,"form")?!1:void n.event.add(this,"click._submit keypress._submit",function(a){var b=a.target,c=n.nodeName(b,"input")||n.nodeName(b,"button")?n.prop(b,"form"):void 0;c&&!n._data(c,"submit")&&(n.event.add(c,"submit._submit",function(a){a._submitBubble=!0}),n._data(c,"submit",!0))})},postDispatch:function(a){a._submitBubble&&(delete a._submitBubble,this.parentNode&&!a.isTrigger&&n.event.simulate("submit",this.parentNode,a))},teardown:function(){return n.nodeName(this,"form")?!1:void n.event.remove(this,"._submit")}}),l.change||(n.event.special.change={setup:function(){return ka.test(this.nodeName)?("checkbox"!==this.type&&"radio"!==this.type||(n.event.add(this,"propertychange._change",function(a){"checked"===a.originalEvent.propertyName&&(this._justChanged=!0)}),n.event.add(this,"click._change",function(a){this._justChanged&&!a.isTrigger&&(this._justChanged=!1),n.event.simulate("change",this,a)})),!1):void n.event.add(this,"beforeactivate._change",function(a){var b=a.target;ka.test(b.nodeName)&&!n._data(b,"change")&&(n.event.add(b,"change._change",function(a){!this.parentNode||a.isSimulated||a.isTrigger||n.event.simulate("change",this.parentNode,a)}),n._data(b,"change",!0))})},handle:function(a){var b=a.target;return this!==b||a.isSimulated||a.isTrigger||"radio"!==b.type&&"checkbox"!==b.type?a.handleObj.handler.apply(this,arguments):void 0},teardown:function(){return n.event.remove(this,"._change"),!ka.test(this.nodeName)}}),l.focusin||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a))};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=n._data(d,b);e||d.addEventListener(a,c,!0),n._data(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=n._data(d,b)-1;e?n._data(d,b,e):(d.removeEventListener(a,c,!0),n._removeData(d,b))}}}),n.fn.extend({on:function(a,b,c,d){return sa(this,a,b,c,d)},one:function(a,b,c,d){return sa(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=qa),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var ta=/ jQuery\d+="(?:null|\d+)"/g,ua=new RegExp("<(?:"+ba+")[\\s/>]","i"),va=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,wa=/<script|<style|<link/i,xa=/checked\s*(?:[^=]|=\s*.checked.)/i,ya=/^true\/(.*)/,za=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,Aa=ca(d),Ba=Aa.appendChild(d.createElement("div"));function Ca(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function Da(a){return a.type=(null!==n.find.attr(a,"type"))+"/"+a.type,a}function Ea(a){var b=ya.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Fa(a,b){if(1===b.nodeType&&n.hasData(a)){var c,d,e,f=n._data(a),g=n._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)n.event.add(b,c,h[c][d])}g.data&&(g.data=n.extend({},g.data))}}function Ga(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!l.noCloneEvent&&b[n.expando]){e=n._data(b);for(d in e.events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}}function Ha(a,b,c,d){b=f.apply([],b);var e,g,h,i,j,k,m=0,o=a.length,p=o-1,q=b[0],r=n.isFunction(q);if(r||o>1&&"string"==typeof q&&!l.checkClone&&xa.test(q))return a.each(function(e){var f=a.eq(e);r&&(b[0]=q.call(this,e,f.html())),Ha(f,b,c,d)});if(o&&(k=ja(b,a[0].ownerDocument,!1,a,d),e=k.firstChild,1===k.childNodes.length&&(k=e),e||d)){for(i=n.map(ea(k,"script"),Da),h=i.length;o>m;m++)g=k,m!==p&&(g=n.clone(g,!0,!0),h&&n.merge(i,ea(g,"script"))),c.call(a[m],g,m);if(h)for(j=i[i.length-1].ownerDocument,n.map(i,Ea),m=0;h>m;m++)g=i[m],_.test(g.type||"")&&!n._data(g,"globalEval")&&n.contains(j,g)&&(g.src?n._evalUrl&&n._evalUrl(g.src):n.globalEval((g.text||g.textContent||g.innerHTML||"").replace(za,"")));k=e=null}return a}function Ia(a,b,c){for(var d,e=b?n.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||n.cleanData(ea(d)),d.parentNode&&(c&&n.contains(d.ownerDocument,d)&&fa(ea(d,"script")),d.parentNode.removeChild(d));return a}n.extend({htmlPrefilter:function(a){return a.replace(va,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h,i=n.contains(a.ownerDocument,a);if(l.html5Clone||n.isXMLDoc(a)||!ua.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(Ba.innerHTML=a.outerHTML,Ba.removeChild(f=Ba.firstChild)),!(l.noCloneEvent&&l.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(d=ea(f),h=ea(a),g=0;null!=(e=h[g]);++g)d[g]&&Ga(e,d[g]);if(b)if(c)for(h=h||ea(a),d=d||ea(f),g=0;null!=(e=h[g]);g++)Fa(e,d[g]);else Fa(a,f);return d=ea(f,"script"),d.length>0&&fa(d,!i&&ea(a,"script")),d=h=e=null,f},cleanData:function(a,b){for(var d,e,f,g,h=0,i=n.expando,j=n.cache,k=l.attributes,m=n.event.special;null!=(d=a[h]);h++)if((b||M(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)m[e]?n.event.remove(d,e):n.removeEvent(d,e,g.handle);j[f]&&(delete j[f],k||"undefined"==typeof d.removeAttribute?d[i]=void 0:d.removeAttribute(i),c.push(f))}}}),n.fn.extend({domManip:Ha,detach:function(a){return Ia(this,a,!0)},remove:function(a){return Ia(this,a)},text:function(a){return Y(this,function(a){return void 0===a?n.text(this):this.empty().append((this[0]&&this[0].ownerDocument||d).createTextNode(a))},null,a,arguments.length)},append:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.appendChild(a)}})},prepend:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&n.cleanData(ea(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&n.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return Y(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(ta,""):void 0;if("string"==typeof a&&!wa.test(a)&&(l.htmlSerialize||!ua.test(a))&&(l.leadingWhitespace||!aa.test(a))&&!da[($.exec(a)||["",""])[1].toLowerCase()]){a=n.htmlPrefilter(a);try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ea(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ha(this,arguments,function(b){var c=this.parentNode;n.inArray(this,a)<0&&(n.cleanData(ea(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=0,e=[],f=n(a),h=f.length-1;h>=d;d++)c=d===h?this:this.clone(!0),n(f[d])[b](c),g.apply(e,c.get());return this.pushStack(e)}});var Ja,Ka={HTML:"block",BODY:"block"};function La(a,b){var c=n(b.createElement(a)).appendTo(b.body),d=n.css(c[0],"display");return c.detach(),d}function Ma(a){var b=d,c=Ka[a];return c||(c=La(a,b),"none"!==c&&c||(Ja=(Ja||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=(Ja[0].contentWindow||Ja[0].contentDocument).document,b.write(),b.close(),c=La(a,b),Ja.detach()),Ka[a]=c),c}var Na=/^margin/,Oa=new RegExp("^("+T+")(?!px)[a-z%]+$","i"),Pa=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e},Qa=d.documentElement;!function(){var b,c,e,f,g,h,i=d.createElement("div"),j=d.createElement("div");if(j.style){j.style.cssText="float:left;opacity:.5",l.opacity="0.5"===j.style.opacity,l.cssFloat=!!j.style.cssFloat,j.style.backgroundClip="content-box",j.cloneNode(!0).style.backgroundClip="",l.clearCloneStyle="content-box"===j.style.backgroundClip,i=d.createElement("div"),i.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",j.innerHTML="",i.appendChild(j),l.boxSizing=""===j.style.boxSizing||""===j.style.MozBoxSizing||""===j.style.WebkitBoxSizing,n.extend(l,{reliableHiddenOffsets:function(){return null==b&&k(),f},boxSizingReliable:function(){return null==b&&k(),e},pixelMarginRight:function(){return null==b&&k(),c},pixelPosition:function(){return null==b&&k(),b},reliableMarginRight:function(){return null==b&&k(),g},reliableMarginLeft:function(){return null==b&&k(),h}});function k(){var k,l,m=d.documentElement;m.appendChild(i),j.style.cssText="-webkit-box-sizing:border-box;box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",b=e=h=!1,c=g=!0,a.getComputedStyle&&(l=a.getComputedStyle(j),b="1%"!==(l||{}).top,h="2px"===(l||{}).marginLeft,e="4px"===(l||{width:"4px"}).width,j.style.marginRight="50%",c="4px"===(l||{marginRight:"4px"}).marginRight,k=j.appendChild(d.createElement("div")),k.style.cssText=j.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",k.style.marginRight=k.style.width="0",j.style.width="1px",g=!parseFloat((a.getComputedStyle(k)||{}).marginRight),j.removeChild(k)),j.style.display="none",f=0===j.getClientRects().length,f&&(j.style.display="",j.innerHTML="<table><tr><td></td><td>t</td></tr></table>",j.childNodes[0].style.borderCollapse="separate",k=j.getElementsByTagName("td"),k[0].style.cssText="margin:0;border:0;padding:0;display:none",f=0===k[0].offsetHeight,f&&(k[0].style.display="",k[1].style.display="none",f=0===k[0].offsetHeight)),m.removeChild(i)}}}();var Ra,Sa,Ta=/^(top|right|bottom|left)$/;a.getComputedStyle?(Ra=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c.getPropertyValue(b)||c[b]:void 0,""!==g&&void 0!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),c&&!l.pixelMarginRight()&&Oa.test(g)&&Na.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f),void 0===g?g:g+""}):Qa.currentStyle&&(Ra=function(a){return a.currentStyle},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c[b]:void 0,null==g&&h&&h[b]&&(g=h[b]),Oa.test(g)&&!Ta.test(b)&&(d=h.left,e=a.runtimeStyle,f=e&&e.left,f&&(e.left=a.currentStyle.left),h.left="fontSize"===b?"1em":g,g=h.pixelLeft+"px",h.left=d,f&&(e.left=f)),void 0===g?g:g+""||"auto"});function Ua(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Va=/alpha\([^)]*\)/i,Wa=/opacity\s*=\s*([^)]*)/i,Xa=/^(none|table(?!-c[ea]).+)/,Ya=new RegExp("^("+T+")(.*)$","i"),Za={position:"absolute",visibility:"hidden",display:"block"},$a={letterSpacing:"0",fontWeight:"400"},_a=["Webkit","O","Moz","ms"],ab=d.createElement("div").style;function bb(a){if(a in ab)return a;var b=a.charAt(0).toUpperCase()+a.slice(1),c=_a.length;while(c--)if(a=_a[c]+b,a in ab)return a}function cb(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=n._data(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&W(d)&&(f[g]=n._data(d,"olddisplay",Ma(d.nodeName)))):(e=W(d),(c&&"none"!==c||!e)&&n._data(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}function db(a,b,c){var d=Ya.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function eb(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+V[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+V[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+V[f]+"Width",!0,e))):(g+=n.css(a,"padding"+V[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+V[f]+"Width",!0,e)));return g}function fb(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=Ra(a),g=l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=Sa(a,b,f),(0>e||null==e)&&(e=a.style[b]),Oa.test(e))return e;d=g&&(l.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+eb(a,b,c||(g?"border":"content"),d,f)+"px"}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Sa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":l.cssFloat?"cssFloat":"styleFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;if(b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],void 0===c)return g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b];if(f=typeof c,"string"===f&&(e=U.exec(c))&&e[1]&&(c=X(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(n.cssNumber[h]?"":"px")),l.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),!(g&&"set"in g&&void 0===(c=g.set(a,c,d)))))try{i[b]=c}catch(j){}}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(f=g.get(a,!0,c)),void 0===f&&(f=Sa(a,b,d)),"normal"===f&&b in $a&&(f=$a[b]),""===c||c?(e=parseFloat(f),c===!0||isFinite(e)?e||0:f):f}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?Xa.test(n.css(a,"display"))&&0===a.offsetWidth?Pa(a,Za,function(){return fb(a,b,d)}):fb(a,b,d):void 0},set:function(a,c,d){var e=d&&Ra(a);return db(a,c,d?eb(a,b,d,l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),l.opacity||(n.cssHooks.opacity={get:function(a,b){return Wa.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=n.isNumeric(b)?"alpha(opacity="+100*b+")":"",f=d&&d.filter||c.filter||"";c.zoom=1,(b>=1||""===b)&&""===n.trim(f.replace(Va,""))&&c.removeAttribute&&(c.removeAttribute("filter"),""===b||d&&!d.filter)||(c.filter=Va.test(f)?f.replace(Va,e):f+" "+e)}}),n.cssHooks.marginRight=Ua(l.reliableMarginRight,function(a,b){return b?Pa(a,{display:"inline-block"},Sa,[a,"marginRight"]):void 0}),n.cssHooks.marginLeft=Ua(l.reliableMarginLeft,function(a,b){return b?(parseFloat(Sa(a,"marginLeft"))||(n.contains(a.ownerDocument,a)?a.getBoundingClientRect().left-Pa(a,{ marginLeft:0},function(){return a.getBoundingClientRect().left}):0))+"px":void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+V[d]+b]=f[d]||f[d-2]||f[0];return e}},Na.test(a)||(n.cssHooks[a+b].set=db)}),n.fn.extend({css:function(a,b){return Y(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=Ra(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return cb(this,!0)},hide:function(){return cb(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){W(this)?n(this).show():n(this).hide()})}});function gb(a,b,c,d,e){return new gb.prototype.init(a,b,c,d,e)}n.Tween=gb,gb.prototype={constructor:gb,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||n.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=gb.propHooks[this.prop];return a&&a.get?a.get(this):gb.propHooks._default.get(this)},run:function(a){var b,c=gb.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):gb.propHooks._default.set(this),this}},gb.prototype.init.prototype=gb.prototype,gb.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[n.cssProps[a.prop]]&&!n.cssHooks[a.prop]?a.elem[a.prop]=a.now:n.style(a.elem,a.prop,a.now+a.unit)}}},gb.propHooks.scrollTop=gb.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=gb.prototype.init,n.fx.step={};var hb,ib,jb=/^(?:toggle|show|hide)$/,kb=/queueHooks$/;function lb(){return a.setTimeout(function(){hb=void 0}),hb=n.now()}function mb(a,b){var c,d={height:a},e=0;for(b=b?1:0;4>e;e+=2-b)c=V[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function nb(a,b,c){for(var d,e=(qb.tweeners[b]||[]).concat(qb.tweeners["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function ob(a,b,c){var d,e,f,g,h,i,j,k,m=this,o={},p=a.style,q=a.nodeType&&W(a),r=n._data(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,m.always(function(){m.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[p.overflow,p.overflowX,p.overflowY],j=n.css(a,"display"),k="none"===j?n._data(a,"olddisplay")||Ma(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(l.inlineBlockNeedsLayout&&"inline"!==Ma(a.nodeName)?p.zoom=1:p.display="inline-block")),c.overflow&&(p.overflow="hidden",l.shrinkWrapBlocks()||m.always(function(){p.overflow=c.overflow[0],p.overflowX=c.overflow[1],p.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],jb.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(q?"hide":"show")){if("show"!==e||!r||void 0===r[d])continue;q=!0}o[d]=r&&r[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(o))"inline"===("none"===j?Ma(a.nodeName):j)&&(p.display=j);else{r?"hidden"in r&&(q=r.hidden):r=n._data(a,"fxshow",{}),f&&(r.hidden=!q),q?n(a).show():m.done(function(){n(a).hide()}),m.done(function(){var b;n._removeData(a,"fxshow");for(b in o)n.style(a,b,o[b])});for(d in o)g=nb(q?r[d]:0,d,m),d in r||(r[d]=g.start,q&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function pb(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function qb(a,b,c){var d,e,f=0,g=qb.prefilters.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=hb||lb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{},easing:n.easing._default},c),originalProperties:b,originalOptions:c,startTime:hb||lb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(pb(k,j.opts.specialEasing);g>f;f++)if(d=qb.prefilters[f].call(j,a,k,j.opts))return n.isFunction(d.stop)&&(n._queueHooks(j.elem,j.opts.queue).stop=n.proxy(d.stop,d)),d;return n.map(k,nb,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(qb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return X(c.elem,a,U.exec(b),c),c}]},tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.match(G);for(var c,d=0,e=a.length;e>d;d++)c=a[d],qb.tweeners[c]=qb.tweeners[c]||[],qb.tweeners[c].unshift(b)},prefilters:[ob],prefilter:function(a,b){b?qb.prefilters.unshift(a):qb.prefilters.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(W).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=qb(this,n.extend({},a),f);(e||n._data(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=n._data(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&kb.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=n._data(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(mb(b,!0),a,d,e)}}),n.each({slideDown:mb("show"),slideUp:mb("hide"),slideToggle:mb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=n.timers,c=0;for(hb=n.now();c<b.length;c++)a=b[c],a()||b[c]!==a||b.splice(c--,1);b.length||n.fx.stop(),hb=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){ib||(ib=a.setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){a.clearInterval(ib),ib=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(b,c){return b=n.fx?n.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a,b=d.createElement("input"),c=d.createElement("div"),e=d.createElement("select"),f=e.appendChild(d.createElement("option"));c=d.createElement("div"),c.setAttribute("className","t"),c.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",a=c.getElementsByTagName("a")[0],b.setAttribute("type","checkbox"),c.appendChild(b),a=c.getElementsByTagName("a")[0],a.style.cssText="top:1px",l.getSetAttribute="t"!==c.className,l.style=/top/.test(a.getAttribute("style")),l.hrefNormalized="/a"===a.getAttribute("href"),l.checkOn=!!b.value,l.optSelected=f.selected,l.enctype=!!d.createElement("form").enctype,e.disabled=!0,l.optDisabled=!f.disabled,b=d.createElement("input"),b.setAttribute("value",""),l.input=""===b.getAttribute("value"),b.value="t",b.setAttribute("type","radio"),l.radioValue="t"===b.value}();var rb=/\r/g,sb=/[\x20\t\r\n\f]+/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a)).replace(sb," ")}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],(c.selected||i===e)&&(l.optDisabled?!c.disabled:null===c.getAttribute("disabled"))&&(!c.parentNode.disabled||!n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)if(d=e[g],n.inArray(n.valHooks.option.get(d),f)>-1)try{d.selected=c=!0}catch(h){d.scrollHeight}else d.selected=!1;return c||(a.selectedIndex=-1),e}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>-1:void 0}},l.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var tb,ub,vb=n.expr.attrHandle,wb=/^(?:checked|selected)$/i,xb=l.getSetAttribute,yb=l.input;n.fn.extend({attr:function(a,b){return Y(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),e=n.attrHooks[b]||(n.expr.match.bool.test(b)?ub:tb)),void 0!==c?null===c?void n.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=n.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!l.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(G);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)?yb&&xb||!wb.test(c)?a[d]=!1:a[n.camelCase("default-"+c)]=a[d]=!1:n.attr(a,c,""),a.removeAttribute(xb?c:d)}}),ub={set:function(a,b,c){return b===!1?n.removeAttr(a,c):yb&&xb||!wb.test(c)?a.setAttribute(!xb&&n.propFix[c]||c,c):a[n.camelCase("default-"+c)]=a[c]=!0,c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=vb[b]||n.find.attr;yb&&xb||!wb.test(b)?vb[b]=function(a,b,d){var e,f;return d||(f=vb[b],vb[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,vb[b]=f),e}:vb[b]=function(a,b,c){return c?void 0:a[n.camelCase("default-"+b)]?b.toLowerCase():null}}),yb&&xb||(n.attrHooks.value={set:function(a,b,c){return n.nodeName(a,"input")?void(a.defaultValue=b):tb&&tb.set(a,b,c)}}),xb||(tb={set:function(a,b,c){var d=a.getAttributeNode(c);return d||a.setAttributeNode(d=a.ownerDocument.createAttribute(c)),d.value=b+="","value"===c||b===a.getAttribute(c)?b:void 0}},vb.id=vb.name=vb.coords=function(a,b,c){var d;return c?void 0:(d=a.getAttributeNode(b))&&""!==d.value?d.value:null},n.valHooks.button={get:function(a,b){var c=a.getAttributeNode(b);return c&&c.specified?c.value:void 0},set:tb.set},n.attrHooks.contenteditable={set:function(a,b,c){tb.set(a,""===b?!1:b,c)}},n.each(["width","height"],function(a,b){n.attrHooks[b]={set:function(a,c){return""===c?(a.setAttribute(b,"auto"),c):void 0}}})),l.style||(n.attrHooks.style={get:function(a){return a.style.cssText||void 0},set:function(a,b){return a.style.cssText=b+""}});var zb=/^(?:input|select|textarea|button|object)$/i,Ab=/^(?:a|area)$/i;n.fn.extend({prop:function(a,b){return Y(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return a=n.propFix[a]||a,this.each(function(){try{this[a]=void 0,delete this[a]}catch(b){}})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=n.find.attr(a,"tabindex");return b?parseInt(b,10):zb.test(a.nodeName)||Ab.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),l.hrefNormalized||n.each(["href","src"],function(a,b){n.propHooks[b]={get:function(a){return a.getAttribute(b,4)}}}),l.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this}),l.enctype||(n.propFix.enctype="encoding");var Bb=/[\t\r\n\f]/g;function Cb(a){return n.attr(a,"class")||""}n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,Cb(this)))});if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,Cb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):n.isFunction(a)?this.each(function(c){n(this).toggleClass(a.call(this,c,Cb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=n(this),f=a.match(G)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=Cb(this),b&&n._data(this,"__className__",b),n.attr(this,"class",b||a===!1?"":n._data(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+Cb(c)+" ").replace(Bb," ").indexOf(b)>-1)return!0;return!1}}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var Db=a.location,Eb=n.now(),Fb=/\?/,Gb=/(,)|(\[|{)|(}|])|"(?:[^"\\\r\n]|\\["\\\/bfnrt]|\\u[\da-fA-F]{4})*"\s*:?|true|false|null|-?(?!0\d)\d+(?:\.\d+|)(?:[eE][+-]?\d+|)/g;n.parseJSON=function(b){if(a.JSON&&a.JSON.parse)return a.JSON.parse(b+"");var c,d=null,e=n.trim(b+"");return e&&!n.trim(e.replace(Gb,function(a,b,e,f){return c&&b&&(d=0),0===d?a:(c=e||b,d+=!f-!e,"")}))?Function("return "+e)():n.error("Invalid JSON: "+b)},n.parseXML=function(b){var c,d;if(!b||"string"!=typeof b)return null;try{a.DOMParser?(d=new a.DOMParser,c=d.parseFromString(b,"text/xml")):(c=new a.ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b))}catch(e){c=void 0}return c&&c.documentElement&&!c.getElementsByTagName("parsererror").length||n.error("Invalid XML: "+b),c};var Hb=/#.*$/,Ib=/([?&])_=[^&]*/,Jb=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Kb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Lb=/^(?:GET|HEAD)$/,Mb=/^\/\//,Nb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,Ob={},Pb={},Qb="*/".concat("*"),Rb=Db.href,Sb=Nb.exec(Rb.toLowerCase())||[];function Tb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(G)||[];if(n.isFunction(c))while(d=f[e++])"+"===d.charAt(0)?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Ub(a,b,c,d){var e={},f=a===Pb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Vb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(d in b)void 0!==b[d]&&((e[d]?a:c||(c={}))[d]=b[d]);return c&&n.extend(!0,a,c),a}function Wb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType||b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]||a.converters[g+" "+i[0]]){f=g;break}d||(d=g)}f=f||d}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function Xb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Rb,type:"GET",isLocal:Kb.test(Sb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Qb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Vb(Vb(a,n.ajaxSettings),b):Vb(n.ajaxSettings,a)},ajaxPrefilter:Tb(Ob),ajaxTransport:Tb(Pb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var d,e,f,g,h,i,j,k,l=n.ajaxSetup({},c),m=l.context||l,o=l.context&&(m.nodeType||m.jquery)?n(m):n.event,p=n.Deferred(),q=n.Callbacks("once memory"),r=l.statusCode||{},s={},t={},u=0,v="canceled",w={readyState:0,getResponseHeader:function(a){var b;if(2===u){if(!k){k={};while(b=Jb.exec(g))k[b[1].toLowerCase()]=b[2]}b=k[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===u?g:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return u||(a=t[c]=t[c]||a,s[a]=b),this},overrideMimeType:function(a){return u||(l.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>u)for(b in a)r[b]=[r[b],a[b]];else w.always(a[w.status]);return this},abort:function(a){var b=a||v;return j&&j.abort(b),y(0,b),this}};if(p.promise(w).complete=q.add,w.success=w.done,w.error=w.fail,l.url=((b||l.url||Rb)+"").replace(Hb,"").replace(Mb,Sb[1]+"//"),l.type=c.method||c.type||l.method||l.type,l.dataTypes=n.trim(l.dataType||"*").toLowerCase().match(G)||[""],null==l.crossDomain&&(d=Nb.exec(l.url.toLowerCase()),l.crossDomain=!(!d||d[1]===Sb[1]&&d[2]===Sb[2]&&(d[3]||("http:"===d[1]?"80":"443"))===(Sb[3]||("http:"===Sb[1]?"80":"443")))),l.data&&l.processData&&"string"!=typeof l.data&&(l.data=n.param(l.data,l.traditional)),Ub(Ob,l,c,w),2===u)return w;i=n.event&&l.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),l.type=l.type.toUpperCase(),l.hasContent=!Lb.test(l.type),f=l.url,l.hasContent||(l.data&&(f=l.url+=(Fb.test(f)?"&":"?")+l.data,delete l.data),l.cache===!1&&(l.url=Ib.test(f)?f.replace(Ib,"$1_="+Eb++):f+(Fb.test(f)?"&":"?")+"_="+Eb++)),l.ifModified&&(n.lastModified[f]&&w.setRequestHeader("If-Modified-Since",n.lastModified[f]),n.etag[f]&&w.setRequestHeader("If-None-Match",n.etag[f])),(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&w.setRequestHeader("Content-Type",l.contentType),w.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+("*"!==l.dataTypes[0]?", "+Qb+"; q=0.01":""):l.accepts["*"]);for(e in l.headers)w.setRequestHeader(e,l.headers[e]);if(l.beforeSend&&(l.beforeSend.call(m,w,l)===!1||2===u))return w.abort();v="abort";for(e in{success:1,error:1,complete:1})w[e](l[e]);if(j=Ub(Pb,l,c,w)){if(w.readyState=1,i&&o.trigger("ajaxSend",[w,l]),2===u)return w;l.async&&l.timeout>0&&(h=a.setTimeout(function(){w.abort("timeout")},l.timeout));try{u=1,j.send(s,y)}catch(x){if(!(2>u))throw x;y(-1,x)}}else y(-1,"No Transport");function y(b,c,d,e){var k,s,t,v,x,y=c;2!==u&&(u=2,h&&a.clearTimeout(h),j=void 0,g=e||"",w.readyState=b>0?4:0,k=b>=200&&300>b||304===b,d&&(v=Wb(l,w,d)),v=Xb(l,v,w,k),k?(l.ifModified&&(x=w.getResponseHeader("Last-Modified"),x&&(n.lastModified[f]=x),x=w.getResponseHeader("etag"),x&&(n.etag[f]=x)),204===b||"HEAD"===l.type?y="nocontent":304===b?y="notmodified":(y=v.state,s=v.data,t=v.error,k=!t)):(t=y,!b&&y||(y="error",0>b&&(b=0))),w.status=b,w.statusText=(c||y)+"",k?p.resolveWith(m,[s,y,w]):p.rejectWith(m,[w,y,t]),w.statusCode(r),r=void 0,i&&o.trigger(k?"ajaxSuccess":"ajaxError",[w,l,k?s:t]),q.fireWith(m,[w,y]),i&&(o.trigger("ajaxComplete",[w,l]),--n.active||n.event.trigger("ajaxStop")))}return w},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax(n.extend({url:a,type:b,dataType:e,data:c,success:d},n.isPlainObject(a)&&a))}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){if(n.isFunction(a))return this.each(function(b){n(this).wrapAll(a.call(this,b))});if(this[0]){var b=n(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&1===a.firstChild.nodeType)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return n.isFunction(a)?this.each(function(b){n(this).wrapInner(a.call(this,b))}):this.each(function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}});function Yb(a){return a.style&&a.style.display||n.css(a,"display")}function Zb(a){if(!n.contains(a.ownerDocument||d,a))return!0;while(a&&1===a.nodeType){if("none"===Yb(a)||"hidden"===a.type)return!0;a=a.parentNode}return!1}n.expr.filters.hidden=function(a){return l.reliableHiddenOffsets()?a.offsetWidth<=0&&a.offsetHeight<=0&&!a.getClientRects().length:Zb(a)},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var $b=/%20/g,_b=/\[\]$/,ac=/\r?\n/g,bc=/^(?:submit|button|image|reset|file)$/i,cc=/^(?:input|select|textarea|keygen)/i;function dc(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||_b.test(a)?d(a,e):dc(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)dc(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)dc(c,a[c],b,e);return d.join("&").replace($b,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&cc.test(this.nodeName)&&!bc.test(a)&&(this.checked||!Z.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(ac,"\r\n")}}):{name:b.name,value:c.replace(ac,"\r\n")}}).get()}}),n.ajaxSettings.xhr=void 0!==a.ActiveXObject?function(){return this.isLocal?ic():d.documentMode>8?hc():/^(get|post|head|put|delete|options)$/i.test(this.type)&&hc()||ic()}:hc;var ec=0,fc={},gc=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in fc)fc[a](void 0,!0)}),l.cors=!!gc&&"withCredentials"in gc,gc=l.ajax=!!gc,gc&&n.ajaxTransport(function(b){if(!b.crossDomain||l.cors){var c;return{send:function(d,e){var f,g=b.xhr(),h=++ec;if(g.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(f in b.xhrFields)g[f]=b.xhrFields[f];b.mimeType&&g.overrideMimeType&&g.overrideMimeType(b.mimeType),b.crossDomain||d["X-Requested-With"]||(d["X-Requested-With"]="XMLHttpRequest");for(f in d)void 0!==d[f]&&g.setRequestHeader(f,d[f]+"");g.send(b.hasContent&&b.data||null),c=function(a,d){var f,i,j;if(c&&(d||4===g.readyState))if(delete fc[h],c=void 0,g.onreadystatechange=n.noop,d)4!==g.readyState&&g.abort();else{j={},f=g.status,"string"==typeof g.responseText&&(j.text=g.responseText);try{i=g.statusText}catch(k){i=""}f||!b.isLocal||b.crossDomain?1223===f&&(f=204):f=j.text?200:404}j&&e(f,i,j,g.getAllResponseHeaders())},b.async?4===g.readyState?a.setTimeout(c):g.onreadystatechange=fc[h]=c:c()},abort:function(){c&&c(void 0,!0)}}}});function hc(){try{return new a.XMLHttpRequest}catch(b){}}function ic(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c=d.head||n("head")[0]||d.documentElement;return{send:function(e,f){b=d.createElement("script"),b.async=!0,a.scriptCharset&&(b.charset=a.scriptCharset),b.src=a.url,b.onload=b.onreadystatechange=function(a,c){(c||!b.readyState||/loaded|complete/.test(b.readyState))&&(b.onload=b.onreadystatechange=null,b.parentNode&&b.parentNode.removeChild(b),b=null,c||f(200,"success"))},c.insertBefore(b,c.firstChild)},abort:function(){b&&b.onload(void 0,!0)}}}});var jc=[],kc=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=jc.pop()||n.expando+"_"+Eb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(kc.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&kc.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(kc,"$1"+e):b.jsonp!==!1&&(b.url+=(Fb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?n(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,jc.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||d;var e=x.exec(a),f=!c&&[];return e?[b.createElement(e[1])]:(e=ja([a],b,f),f&&f.length&&n(f).remove(),n.merge([],e.childNodes))};var lc=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&lc)return lc.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h,a.length)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};function mc(a){return n.isWindow(a)?a:9===a.nodeType?a.defaultView||a.parentWindow:!1}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&n.inArray("auto",[f,i])>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,n.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d={top:0,left:0},e=this[0],f=e&&e.ownerDocument;if(f)return b=f.documentElement,n.contains(b,e)?("undefined"!=typeof e.getBoundingClientRect&&(d=e.getBoundingClientRect()),c=mc(f),{top:d.top+(c.pageYOffset||b.scrollTop)-(b.clientTop||0),left:d.left+(c.pageXOffset||b.scrollLeft)-(b.clientLeft||0)}):d},position:function(){if(this[0]){var a,b,c={top:0,left:0},d=this[0];return"fixed"===n.css(d,"position")?b=d.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(c=a.offset()),c.top+=n.css(a[0],"borderTopWidth",!0),c.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-c.top-n.css(d,"marginTop",!0),left:b.left-c.left-n.css(d,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Qa})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c=/Y/.test(b);n.fn[a]=function(d){return Y(this,function(a,d,e){var f=mc(a);return void 0===e?f?b in f?f[b]:f.document.documentElement[d]:a[d]:void(f?f.scrollTo(c?n(f).scrollLeft():e,c?e:n(f).scrollTop()):a[d]=e)},a,d,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=Ua(l.pixelPosition,function(a,c){return c?(c=Sa(a,b),Oa.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({ padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return Y(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var nc=a.jQuery,oc=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=oc),b&&a.jQuery===n&&(a.jQuery=nc),n},b||(a.jQuery=a.$=n),n}); (function($){var Node,Tree,methods;Node=(function(){function Node(row,tree,settings){var parentId;this.row=row;this.tree=tree;this.settings=settings;this.id=this.row.data(this.settings.nodeIdAttr);parentId=this.row.data(this.settings.parentIdAttr);if(parentId!=null&&parentId!=="")this.parentId=parentId;this.treeCell=$(this.row.children(this.settings.columnElType)[this.settings.column]);this.expander=$(this.settings.expanderTemplate);this.indenter=$(this.settings.indenterTemplate);this.children=[];this.initialized=false;this.treeCell.prepend(this.indenter);}Node.prototype.addChild=function(child){return this.children.push(child);};Node.prototype.ancestors=function(){var ancestors,node;node=this;ancestors=[];while(node=node.parentNode())ancestors.push(node);return ancestors;};Node.prototype.collapse=function(){if(this.collapsed())return this;this.row.removeClass("expanded").addClass("collapsed");this._hideChildren();this.expander.attr("title",this.settings.stringExpand);if(this.initialized&&this.settings.onNodeCollapse!=null)this.settings.onNodeCollapse.apply(this);return this;};Node.prototype.collapsed=function(){return this.row.hasClass("collapsed");};Node.prototype.expand=function(){if(this.expanded())return this;this.row.removeClass("collapsed").addClass("expanded");if(this.initialized&&this.settings.onNodeExpand!=null)this.settings.onNodeExpand.apply(this);if($(this.row).is(":visible"))this._showChildren();this.expander.attr("title",this.settings.stringCollapse);return this;};Node.prototype.expanded=function(){return this.row.hasClass("expanded");};Node.prototype.hide=function(){this._hideChildren();this.row.hide();return this;};Node.prototype.isBranchNode=function(){if(this.children.length>0||this.row.data(this.settings.branchAttr)===true)return true;else return false;};Node.prototype.updateBranchLeafClass=function(){this.row.removeClass('branch');this.row.removeClass('leaf');this.row.addClass(this.isBranchNode()?'branch':'leaf');};Node.prototype.level=function(){return this.ancestors().length;};Node.prototype.parentNode=function(){if(this.parentId!=null)return this.tree[this.parentId];else return null;};Node.prototype.removeChild=function(child){var i=$.inArray(child,this.children);return this.children.splice(i,1);};Node.prototype.render=function(){var handler,settings=this.settings,target;if(settings.expandable===true&&this.isBranchNode()){handler=function(e){$(this).parents("table").treetable("node",$(this).parents("tr").data(settings.nodeIdAttr)).toggle();return e.preventDefault();};this.indenter.html(this.expander);target=settings.clickableNodeNames===true?this.treeCell:this.expander;target.off("click.treetable").on("click.treetable",handler);target.off("keydown.treetable").on("keydown.treetable",function(e){if(e.keyCode==13)handler.apply(this,[e]);});}this.indenter[0].style.paddingLeft=""+(this.level()*settings.indent)+"px";return this;};Node.prototype.reveal=function(){if(this.parentId!=null)this.parentNode().reveal();return this.expand();};Node.prototype.setParent=function(node){if(this.parentId!=null)this.tree[this.parentId].removeChild(this);this.parentId=node.id;this.row.data(this.settings.parentIdAttr,node.id);return node.addChild(this);};Node.prototype.show=function(){if(!this.initialized)this._initialize();this.row.show();if(this.expanded())this._showChildren();return this;};Node.prototype.toggle=function(){if(this.expanded())this.collapse();else this.expand();return this;};Node.prototype._hideChildren=function(){var child,_i,_len,_ref,_results;_ref=this.children;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){child=_ref[_i];_results.push(child.hide());}return _results;};Node.prototype._initialize=function(){var settings=this.settings;this.render();if(settings.expandable===true&&settings.initialState==="collapsed")this.collapse();else this.expand();if(settings.onNodeInitialized!=null)settings.onNodeInitialized.apply(this);return this.initialized=true;};Node.prototype._showChildren=function(){var child,_i,_len,_ref,_results;_ref=this.children;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){child=_ref[_i];_results.push(child.show());}return _results;};return Node;})();Tree=(function(){function Tree(table,settings){this.table=table;this.settings=settings;this.tree={};this.nodes=[];this.roots=[];}Tree.prototype.collapseAll=function(){var node,_i,_len,_ref,_results;_ref=this.nodes;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){node=_ref[_i];_results.push(node.collapse());}return _results;};Tree.prototype.expandAll=function(){var node,_i,_len,_ref,_results;_ref=this.nodes;_results=[];for(_i=0,_len=_ref.length;_i<_len;_i++){node=_ref[_i];_results.push(node.expand());}return _results;};Tree.prototype.findLastNode=function(node){if(node.children.length>0)return this.findLastNode(node.children[node.children.length-1]);else return node;};Tree.prototype.loadRows=function(rows){var node,row,i;if(rows!=null)for(i=0;i<rows.length;i++){row=$(rows[i]);if(row.data(this.settings.nodeIdAttr)!=null){node=new Node(row,this.tree,this.settings);this.nodes.push(node);this.tree[node.id]=node;if(node.parentId!=null&&this.tree[node.parentId])this.tree[node.parentId].addChild(node);else this.roots.push(node);}}for(i=0;i<this.nodes.length;i++)node=this.nodes[i].updateBranchLeafClass();return this;};Tree.prototype.move=function(node,destination){var nodeParent=node.parentNode();if(node!==destination&&destination.id!==node.parentId&&$.inArray(node,destination.ancestors())===-1){node.setParent(destination);this._moveRows(node,destination);if(node.parentNode().children.length===1)node.parentNode().render();}if(nodeParent)nodeParent.updateBranchLeafClass();if(node.parentNode())node.parentNode().updateBranchLeafClass();node.updateBranchLeafClass();return this;};Tree.prototype.removeNode=function(node){this.unloadBranch(node);node.row.remove();if(node.parentId!=null)node.parentNode().removeChild(node);delete this.tree[node.id];this.nodes.splice($.inArray(node,this.nodes),1);return this;};Tree.prototype.render=function(){var root,_i,_len,_ref;_ref=this.roots;for(_i=0,_len=_ref.length;_i<_len;_i++){root=_ref[_i];root.show();}return this;};Tree.prototype.sortBranch=function(node,sortFun){node.children.sort(sortFun);this._sortChildRows(node);return this;};Tree.prototype.unloadBranch=function(node){var children=node.children.slice(0),i;for(i=0;i<children.length;i++)this.removeNode(children[i]);node.children=[];node.updateBranchLeafClass();return this;};Tree.prototype._moveRows=function(node,destination){var children=node.children,i;node.row.insertAfter(destination.row);node.render();for(i=children.length-1;i>=0;i--)this._moveRows(children[i],node);};Tree.prototype._sortChildRows=function(parentNode){return this._moveRows(parentNode,parentNode);};return Tree;})();methods={init:function(options,force){var settings;settings=$.extend({branchAttr:"ttBranch",clickableNodeNames:false,column:0,columnElType:"td",expandable:false,expanderTemplate:"<a href='#'> </a>",indent:19,indenterTemplate:"<span class='indenter'></span>",initialState:"collapsed",nodeIdAttr:"ttId",parentIdAttr:"ttParentId",stringExpand:"Expand",stringCollapse:"Collapse",onInitialized:null,onNodeCollapse:null,onNodeExpand:null,onNodeInitialized:null},options);return this.each(function(){var el=$(this),tree;if(force||el.data("treetable")===undefined){tree=new Tree(this,settings);tree.loadRows(this.rows).render();el.addClass("treetable").data("treetable",tree);if(settings.onInitialized!=null)settings.onInitialized.apply(tree);}return el;});},destroy:function(){return this.each(function(){return $(this).removeData("treetable").removeClass("treetable");});},collapseAll:function(){this.data("treetable").collapseAll();return this;},collapseNode:function(id){var node=this.data("treetable").tree[id];if(node)node.collapse();else throw new Error("Unknown node '"+id+"'");return this;},expandAll:function(){this.data("treetable").expandAll();return this;},expandNode:function(id){var node=this.data("treetable").tree[id];if(node){if(!node.initialized)node._initialize();node.expand();}else throw new Error("Unknown node '"+id+"'");return this;},loadBranch:function(node,rows){var settings=this.data("treetable").settings,tree=this.data("treetable").tree;rows=$(rows);if(node==null)this.append(rows);else{var lastNode=this.data("treetable").findLastNode(node);rows.insertAfter(lastNode.row);}this.data("treetable").loadRows(rows);rows.filter("tr").each(function(){tree[$(this).data(settings.nodeIdAttr)].show();});if(node!=null)node.render().expand();return this;},move:function(nodeId,destinationId){var destination,node;node=this.data("treetable").tree[nodeId];destination=this.data("treetable").tree[destinationId];this.data("treetable").move(node,destination);return this;},node:function(id){return this.data("treetable").tree[id];},removeNode:function(id){var node=this.data("treetable").tree[id];if(node)this.data("treetable").removeNode(node);else throw new Error("Unknown node '"+id+"'");return this;},reveal:function(id){var node=this.data("treetable").tree[id];if(node)node.reveal();else throw new Error("Unknown node '"+id+"'");return this;},sortBranch:function(node,columnOrFunction){var settings=this.data("treetable").settings,prepValue,sortFun;columnOrFunction=columnOrFunction||settings.column;sortFun=columnOrFunction;if($.isNumeric(columnOrFunction))sortFun=function(a,b){var extractValue,valA,valB;extractValue=function(node){var val=node.row.find("td:eq("+columnOrFunction+")").text();return $.trim(val).toUpperCase();};valA=extractValue(a);valB=extractValue(b);if(valA<valB)return -1;if(valA>valB)return 1;return 0;};this.data("treetable").sortBranch(node,sortFun);return this;},unloadBranch:function(node){this.data("treetable").unloadBranch(node);return this;}};$.fn.treetable=function(method){if(methods[method])return methods[method].apply(this,Array.prototype.slice.call(arguments,1));else if(typeof method==='object'||!method)return methods.init.apply(this,arguments);else return $.error("Method "+method+" does not exist on jQuery.treetable");};this.TreeTable||(this.TreeTable={});this.TreeTable.Node=Node;this.TreeTable.Tree=Tree;})(jQuery);if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4");}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),o=i.data("bs.alert");o||i.data("bs.alert",o=new n(this)),"string"==typeof e&&o[e].call(i);});}var i='[data-dismiss="alert"]',n=function(e){t(e).on("click",i,this.close);};n.VERSION="3.3.7",n.TRANSITION_DURATION=150,n.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove();}var o=t(this),s=o.attr("data-target");s||(s=o.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,""));var a=t("#"===s?[]:s);e&&e.preventDefault(),a.length||(a=o.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(n.TRANSITION_DURATION):i());};var o=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=n,t.fn.alert.noConflict=function(){return t.fn.alert=o,this;},t(document).on("click.bs.alert.data-api",i,n.prototype.close);}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var n=i&&t(i);return n&&n.length?n:e.parent();}function i(i){i&&3===i.which||(t(o).remove(),t(s).each(function(){var n=t(this),o=e(n),s={relatedTarget:this};o.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(o[0],i.target)||(o.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(n.attr("aria-expanded","false"),o.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))));}));}function n(e){return this.each(function(){var i=t(this),n=i.data("bs.dropdown");n||i.data("bs.dropdown",n=new a(this)),"string"==typeof e&&n[e].call(i);});}var o=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle);};a.VERSION="3.3.7",a.prototype.toggle=function(n){var o=t(this);if(!o.is(".disabled, :disabled")){var s=e(o),a=s.hasClass("open");if(i(),!a){"ontouchstart" in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(n=t.Event("show.bs.dropdown",r)),n.isDefaultPrevented())return;o.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r));}return !1;}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var n=t(this);if(i.preventDefault(),i.stopPropagation(),!n.is(".disabled, :disabled")){var o=e(n),a=o.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&o.find(s).trigger("focus"),n.trigger("click");var r=" li:not(.disabled):visible a",d=o.find(".dropdown-menu"+r);if(d.length){var l=d.index(i.target);38==i.which&&l>0&&l--,40==i.which&&l<d.length-1&&l++,~l||(l=0),d.eq(l).trigger("focus");}}}};var r=t.fn.dropdown;t.fn.dropdown=n,t.fn.dropdown.Constructor=a,t.fn.dropdown.noConflict=function(){return t.fn.dropdown=r,this;},t(document).on("click.bs.dropdown.data-api",i).on("click.bs.dropdown.data-api",".dropdown form",function(t){t.stopPropagation();}).on("click.bs.dropdown.data-api",s,a.prototype.toggle).on("keydown.bs.dropdown.data-api",s,a.prototype.keydown).on("keydown.bs.dropdown.data-api",".dropdown-menu",a.prototype.keydown);}(jQuery),+function(t){"use strict";function e(e,n){return this.each(function(){var o=t(this),s=o.data("bs.modal"),a=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e);s||o.data("bs.modal",s=new i(this,a)),"string"==typeof e?s[e](n):a.show&&s.show(n);});}var i=function(e,i){this.options=i,this.$body=t(document.body),this.$element=t(e),this.$dialog=this.$element.find(".modal-dialog"),this.$backdrop=null,this.isShown=null,this.originalBodyPad=null,this.scrollbarWidth=0,this.ignoreBackdropClick=!1,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,t.proxy(function(){this.$element.trigger("loaded.bs.modal");},this));};i.VERSION="3.3.7",i.TRANSITION_DURATION=300,i.BACKDROP_TRANSITION_DURATION=150,i.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},i.prototype.toggle=function(t){return this.isShown?this.hide():this.show(t);},i.prototype.show=function(e){var n=this,o=t.Event("show.bs.modal",{relatedTarget:e});this.$element.trigger(o),this.isShown||o.isDefaultPrevented()||(this.isShown=!0,this.checkScrollbar(),this.setScrollbar(),this.$body.addClass("modal-open"),this.escape(),this.resize(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',t.proxy(this.hide,this)),this.$dialog.on("mousedown.dismiss.bs.modal",function(){n.$element.one("mouseup.dismiss.bs.modal",function(e){t(e.target).is(n.$element)&&(n.ignoreBackdropClick=!0);});}),this.backdrop(function(){var o=t.support.transition&&n.$element.hasClass("fade");n.$element.parent().length||n.$element.appendTo(n.$body),n.$element.show().scrollTop(0),n.adjustDialog(),o&&n.$element[0].offsetWidth,n.$element.addClass("in"),n.enforceFocus();var s=t.Event("shown.bs.modal",{relatedTarget:e});o?n.$dialog.one("bsTransitionEnd",function(){n.$element.trigger("focus").trigger(s);}).emulateTransitionEnd(i.TRANSITION_DURATION):n.$element.trigger("focus").trigger(s);}));},i.prototype.hide=function(e){e&&e.preventDefault(),e=t.Event("hide.bs.modal"),this.$element.trigger(e),this.isShown&&!e.isDefaultPrevented()&&(this.isShown=!1,this.escape(),this.resize(),t(document).off("focusin.bs.modal"),this.$element.removeClass("in").off("click.dismiss.bs.modal").off("mouseup.dismiss.bs.modal"),this.$dialog.off("mousedown.dismiss.bs.modal"),t.support.transition&&this.$element.hasClass("fade")?this.$element.one("bsTransitionEnd",t.proxy(this.hideModal,this)).emulateTransitionEnd(i.TRANSITION_DURATION):this.hideModal());},i.prototype.enforceFocus=function(){t(document).off("focusin.bs.modal").on("focusin.bs.modal",t.proxy(function(t){document===t.target||this.$element[0]===t.target||this.$element.has(t.target).length||this.$element.trigger("focus");},this));},i.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keydown.dismiss.bs.modal",t.proxy(function(t){27==t.which&&this.hide();},this)):this.isShown||this.$element.off("keydown.dismiss.bs.modal");},i.prototype.resize=function(){this.isShown?t(window).on("resize.bs.modal",t.proxy(this.handleUpdate,this)):t(window).off("resize.bs.modal");},i.prototype.hideModal=function(){var t=this;this.$element.hide(),this.backdrop(function(){t.$body.removeClass("modal-open"),t.resetAdjustments(),t.resetScrollbar(),t.$element.trigger("hidden.bs.modal");});},i.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null;},i.prototype.backdrop=function(e){var n=this,o=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var s=t.support.transition&&o;if(this.$backdrop=t(document.createElement("div")).addClass("modal-backdrop "+o).appendTo(this.$body),this.$element.on("click.dismiss.bs.modal",t.proxy(function(t){return this.ignoreBackdropClick?void (this.ignoreBackdropClick=!1):void (t.target===t.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus():this.hide()));},this)),s&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!e)return;s?this.$backdrop.one("bsTransitionEnd",e).emulateTransitionEnd(i.BACKDROP_TRANSITION_DURATION):e();}else if(!this.isShown&&this.$backdrop){this.$backdrop.removeClass("in");var a=function(){n.removeBackdrop(),e&&e();};t.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one("bsTransitionEnd",a).emulateTransitionEnd(i.BACKDROP_TRANSITION_DURATION):a();}else e&&e();},i.prototype.handleUpdate=function(){this.adjustDialog();},i.prototype.adjustDialog=function(){var t=this.$element[0].scrollHeight>document.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""});},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""});},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left);}this.bodyIsOverflowing=document.body.clientWidth<t,this.scrollbarWidth=this.measureScrollbar();},i.prototype.setScrollbar=function(){var t=parseInt(this.$body.css("padding-right")||0,10);this.originalBodyPad=document.body.style.paddingRight||"",this.bodyIsOverflowing&&this.$body.css("padding-right",t+this.scrollbarWidth);},i.prototype.resetScrollbar=function(){this.$body.css("padding-right",this.originalBodyPad);},i.prototype.measureScrollbar=function(){var t=document.createElement("div");t.className="modal-scrollbar-measure",this.$body.append(t);var e=t.offsetWidth-t.clientWidth;return this.$body[0].removeChild(t),e;};var n=t.fn.modal;t.fn.modal=e,t.fn.modal.Constructor=i,t.fn.modal.noConflict=function(){return t.fn.modal=n,this;},t(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(i){var n=t(this),o=n.attr("href"),s=t(n.attr("data-target")||o&&o.replace(/.*(?=#[^\s]+$)/,"")),a=s.data("bs.modal")?"toggle":t.extend({remote:!/#/.test(o)&&o},s.data(),n.data());n.is("a")&&i.preventDefault(),s.one("show.bs.modal",function(t){t.isDefaultPrevented()||s.one("hidden.bs.modal",function(){n.is(":visible")&&n.trigger("focus");});}),e.call(s,a,this);});}(jQuery),+function(t){"use strict";function e(e){var i,n=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(n);}function i(e){return this.each(function(){var i=t(this),o=i.data("bs.collapse"),s=t.extend({},n.DEFAULTS,i.data(),"object"==typeof e&&e);!o&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),o||i.data("bs.collapse",o=new n(this,s)),"string"==typeof e&&o[e]();});}var n=function(e,i){this.$element=t(e),this.options=t.extend({},n.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle();};n.VERSION="3.3.7",n.TRANSITION_DURATION=350,n.DEFAULTS={toggle:!0},n.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height";},n.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,o=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(o&&o.length&&(e=o.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){o&&o.length&&(i.call(o,"hide"),e||o.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse");};if(!t.support.transition)return r.call(this);var d=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(n.TRANSITION_DURATION)[a](this.$element[0][d]);}}}},n.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var o=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse");};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(o,this)).emulateTransitionEnd(n.TRANSITION_DURATION):o.call(this);}}},n.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]();},n.prototype.getParent=function(){return t(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,n){var o=t(n);this.addAriaAndCollapsedClass(e(o),o);},this)).end();},n.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i);};var o=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=n,t.fn.collapse.noConflict=function(){return t.fn.collapse=o,this;},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(n){var o=t(this);o.attr("data-target")||n.preventDefault();var s=e(o),a=s.data("bs.collapse"),r=a?"toggle":o.data();i.call(s,r);});}(jQuery),+function(t){"use strict";function e(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(void 0!==t.style[i])return{end:e[i]};return !1;}t.fn.emulateTransitionEnd=function(e){var i=!1,n=this;t(this).one("bsTransitionEnd",function(){i=!0;});var o=function(){i||t(n).trigger(t.support.transition.end);};return setTimeout(o,e),this;},t(function(){t.support.transition=e(),t.support.transition&&(t.event.special.bsTransitionEnd={bindType:t.support.transition.end,delegateType:t.support.transition.end,handle:function(e){return t(e.target).is(this)?e.handleObj.handler.apply(this,arguments):void 0;}});});}(jQuery);function openRuleDetailsDialog(rule_result_id){$("#detail-modal").remove();var closebutton=$('<button type="button" class="close btn btn-sm btn-default" data-dismiss="modal" aria-hidden="true" title="Close">❌</button>');var modal=$('<div id="detail-modal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="true"><div id="detail-modal-body" class="modal-body"></div></div>');$("body").prepend(modal);var clone=$("#rule-detail-"+rule_result_id).clone();clone.attr("id","");clone.children(".panel-heading").append(closebutton);closebutton.css({"float":"right"});closebutton.css({"margin-top":"-=23px"});$("#detail-modal-body").append(clone);$("#detail-modal").modal();return false;}function toggleRuleDisplay(checkbox){var result=checkbox.value;if(checkbox.checked){$(".rule-overview-leaf-"+result).removeClass("rule-result-filtered");$(".rule-detail-"+result).removeClass("rule-result-filtered");}else{$(".rule-overview-leaf-"+result).addClass("rule-result-filtered");$(".rule-detail-"+result).addClass("rule-result-filtered");}stripeTreeTable();}function toggleResultDetails(button){var result_details=$("#result-details");if(result_details.is(":visible")){result_details.hide();$(button).html("Show all result details");}else{result_details.show();$(button).html("Hide all result details");}return false;}function ruleSearchMatches(detail_leaf,keywords){if(keywords.length==0)return true;var match=true;var checked_keywords=detail_leaf.children(".keywords").text().toLowerCase();var index;for(index=0;index<keywords.length;++index)if(checked_keywords.indexOf(keywords[index].toLowerCase())<0){match=false;break;}return match;}function ruleSearch(){var search_input=$("#search-input").val();var keywords=search_input.split(/[\s,\.;]+/);var matches=0;$(".rule-detail").each(function(){var rrid=$(this).attr("id").substring(12);var overview_leaf=$("#rule-overview-leaf-"+rrid);var detail_leaf=$(this);if(ruleSearchMatches(detail_leaf,keywords)){overview_leaf.removeClass("search-no-match");detail_leaf.removeClass("search-no-match");++matches;}else{overview_leaf.addClass("search-no-match");detail_leaf.addClass("search-no-match");}});if(!search_input)$("#search-matches").html("");else if(matches>0)$("#search-matches").html(matches.toString()+" rules match.");else $("#search-matches").html("No rules match your search criteria!");}var is_original=true;var original_treetable=null;$(document).ready(function(){$("#result-details").hide();$(".js-only").show();$(".form-group select").val("default");$(".toggle-rule-display").each(function(){toggleRuleDisplay(this);});original_treetable=$(".treetable").clone();$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});is_original=true;stripeTreeTable();});function resetTreetable(){if(!is_original){$(".treetable").remove();$("#rule-overview").append(original_treetable.clone());$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});$(".toggle-rule-display").each(function(){toggleRuleDisplay(this);});is_original=true;}}function newGroupLine(key,group_name){var maxKeyLength=24;if(key.length>maxKeyLength)key=key.substring(0,maxKeyLength-1)+"â¦";return "<tr class=\"rule-overview-inner-node\" data-tt-id=\""+group_name+"\">"+"<td colspan=\"3\"><small>"+key+"</small> = <strong>"+group_name+"</strong></td></tr>";}var KeysEnum={DEFAULT:"default",SEVERITY:"severity",RESULT:"result",NIST:"NIST SP 800-53 ID",DISA_CCI:"DISA CCI",DISA_SRG:"DISA SRG",DISA_STIG_ID:"DISA STIG ID",PCI_DSS:"PCI DSS Requirement",CIS:"CIS Recommendation"};function getTargetGroupsList(rule,key){switch(key){case KeysEnum.SEVERITY:var severity=rule.children(".rule-severity").text();return [severity];case KeysEnum.RESULT:var result=rule.children(".rule-result").text();return [result];default:try{var references=JSON.parse(rule.attr("data-references"));}catch(err){return ["unknown"];}if(!references.hasOwnProperty(key))return ["unknown"];return references[key];}}function sortGroups(groups,key){switch(key){case KeysEnum.SEVERITY:return ["high","medium","low"];case KeysEnum.RESULT:return groups.sort();default:return groups.sort(function(a,b){var a_parts=a.split(/[.()-]/);var b_parts=b.split(/[.()-]/);var result=0;var min_length=Math.min(a_parts.length,b_parts.length);var number=/^[1-9][0-9]*$/;for(i=0;i<min_length&&result==0;i++)if(a_parts[i].match(number)==null||a_parts[i].match(number)==null)result=a_parts[i].localeCompare(b_parts[i]);else result=parseInt(a_parts[i])-parseInt(b_parts[i]);if(result==0)result=a_parts.length-b_parts.length;return result;});}}function groupRulesBy(key){resetTreetable();if(key==KeysEnum.DEFAULT)return;var lines={};$(".rule-overview-leaf").each(function(){$(this).children("td:first").css("padding-left","0px");var id=$(this).attr("data-tt-id");var target_groups=getTargetGroupsList($(this),key);for(i=0;i<target_groups.length;i++){var target_group=target_groups[i];if(!lines.hasOwnProperty(target_group))lines[target_group]=[newGroupLine(key,target_group)];var clone=$(this).clone();clone.attr("data-tt-id",id+"copy"+i);clone.attr("data-tt-parent-id",target_group);var new_line=clone.wrap("<div>").parent().html();lines[target_group].push(new_line);}});$(".treetable").remove();var groups=sortGroups(Object.keys(lines),key);var html_text="";for(i=0;i<groups.length;i++)html_text+=lines[groups[i]].join("\n");new_table="<table class=\"treetable table table-bordered\"><thead><tr><th>Group</th> <th style=\"width: 120px; text-align: center\">Severity</th><th style=\"width: 120px; text-align: center\">Result</th></tr></thead><tbody>"+html_text+"</tbody></table>";$("#rule-overview").append(new_table);is_original=false;$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});stripeTreeTable();}function stripeTreeTable(){var rows=$(".rule-overview-leaf:not(.rule-result-filtered)");var even=false;$(rows).each(function(){$(this).css("background-color",even?"#F9F9F9":"inherit");even=!even;});}</script></head><body><nav class="navbar navbar-default" role="navigation"><div class="navbar-header" style="float: none"><a class="navbar-brand" href="#"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="52" height="52" id="svg2"><g transform="matrix(0.75266991,0,0,0.75266991,-17.752968,-104.57468)" id="g32"><path d="m 24.7,173.5 c 0,-9 3.5,-17.5 9.9,-23.9 6.8,-6.8 15.7,-10.4 25,-10 8.6,0.3 16.9,3.9 22.9,9.8 6.4,6.4 9.9,14.9 10,23.8 0.1,9.1 -3.5,17.8 -10,24.3 -13.2,13.2 -34.7,13.1 -48,-0.1 -1.5,-1.5 -1.9,-4.2 0.2,-6.2 l 9,-9 c -2,-3.6 -4.9,-13.1 2.6,-20.7 7.6,-7.6 18.6,-6 24.4,-0.2 3.3,3.3 5.1,7.6 5.1,12.1 0.1,4.6 -1.8,9.1 -5.3,12.5 -4.2,4.2 -10.2,5.8 -16.1,4.4 -1.5,-0.4 -2.4,-1.9 -2.1,-3.4 0.4,-1.5 1.9,-2.4 3.4,-2.1 4.1,1 8,-0.1 10.9,-2.9 2.3,-2.3 3.6,-5.3 3.6,-8.4 0,0 0,-0.1 0,-0.1 0,-3 -1.3,-5.9 -3.5,-8.2 -3.9,-3.9 -11.3,-4.9 -16.5,0.2 -6.3,6.3 -1.6,14.1 -1.6,14.2 1.5,2.4 0.7,5 -0.9,6.3 l -8.4,8.4 c 9.9,8.9 27.2,11.2 39.1,-0.8 5.4,-5.4 8.4,-12.5 8.4,-20 0,-0.1 0,-0.2 0,-0.3 -0.1,-7.5 -3,-14.6 -8.4,-19.9 -5,-5 -11.9,-8 -19.1,-8.2 -7.8,-0.3 -15.2,2.7 -20.9,8.4 -8.7,8.7 -8.7,19 -7.9,24.3 0.3,2.4 1.1,4.9 2.2,7.3 0.6,1.4 0,3.1 -1.4,3.7 -1.4,0.6 -3.1,0 -3.7,-1.4 -1.3,-2.9 -2.2,-5.8 -2.6,-8.7 -0.3,-1.7 -0.4,-3.5 -0.4,-5.2 z" id="path34" style="fill:#12497f"></path></g></svg></a><div><h1>OpenSCAP Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of Red Hat Enterprise Linux 7</h2><blockquote>with profile <mark>OSPP - Protection Profile for General Purpose Operating Systems v. 4.2</mark><div class="col-md-12 well well-lg horizontal-scroll"><div class="description profile-description"><small>This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2). This Annex is consistent with CNSSI-1253, which requires US National Security Systems to adhere to certain configuration parameters. Accordingly, configuration guidance produced according to the requirements of this Annex is suitable for use in US National Security Systems.</small></div></div></blockquote><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter">The SCAP Security Guide Project<br> <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a> </div><div class="description">This guide presents a catalog of security-relevant configuration settings for Red Hat Enterprise Linux 7. It is a rendering of content structured in the eXtensible Configuration Checklist Description Format (XCCDF) in order to support security automation. The SCAP content is is available in the <code>scap-security-guide</code> package which is developed at <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>. <br><br> Providing system administrators with such guidance informs them how to securely configure systems under their control in a variety of network roles. Policy makers and baseline creators can use this catalog of settings, with its associated references to higher-level security control catalogs, in order to assist them in security baseline creation. This guide is a <em>catalog, not a checklist</em>, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios. However, the XCCDF format enables granular selection and adjustment of settings, and their association with OVAL and OCIL content provides an automated checking capability. Transformations of this document, and its associated automated checking content, are capable of providing baselines that meet a diverse set of policy objectives. Some example XCCDF <em>Profiles</em>, which are selections of items that form checklists and can be used as baselines, are available with this guide. They can be processed, in an automated fashion, with tools that support the Security Content Automation Protocol (SCAP). The DISA STIG for Red Hat Enterprise Linux 7, which provides required settings for US Department of Defense systems, is one example of a baseline created from this guidance. </div><div class="top-spacer-10"><div class="alert alert-info">Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. The creators of this guidance assume no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic. </div></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics</h2><div class="row"><div class="col-md-5 well well-lg horizontal-scroll"><table class="table table-bordered"><tr><th>Evaluation target</th><td>localhost.localdomain</td></tr><tr><th>Benchmark URL</th><td>/tmp/tmp.GMUqgtiYrj/input.xml</td></tr><tr><th>Benchmark ID</th><td>xccdf_org.ssgproject.content_benchmark_RHEL-7</td></tr><tr><th>Profile ID</th><td>xccdf_org.ssgproject.content_profile_ospp42</td></tr><tr><th>Started at</th><td>2018-09-25T23:08:34</td></tr><tr><th>Finished at</th><td>2018-09-25T23:09:04</td></tr><tr><th>Performed by</th><td>admin</td></tr></table></div><div class="col-md-3 horizontal-scroll"><h4>CPE Platforms</h4><ul class="list-group"><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7 was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7::client was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7::client</span></li><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:7::computenode was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:7::computenode</span></li></ul></div><div class="col-md-4 horizontal-scroll"><h4>Addresses</h4><ul class="list-group"><li class="list-group-item"><span class="label label-primary">IPv4</span>  127.0.0.1</li><li class="list-group-item"><span class="label label-primary">IPv4</span>  192.168.122.24</li><li class="list-group-item"><span class="label label-info">IPv6</span>  0:0:0:0:0:0:0:1</li><li class="list-group-item"><span class="label label-info">IPv6</span>  fe80:0:0:0:5054:ff:fe89:b532</li><li class="list-group-item"><span class="label label-default">MAC</span>  00:00:00:00:00:00</li><li class="list-group-item"><span class="label label-default">MAC</span>  52:54:00:89:B5:32</li></ul></div></div></div><div id="compliance-and-scoring"><h2>Compliance and Scoring</h2><div class="alert alert-danger"><strong>The target system did not satisfy the conditions of 21 rules!</strong> Please review rule results and consider applying remediation. </div><h3>Rule results</h3><div class="progress" title="Displays proportion of passed/fixed, failed/error, and other rules (in that order). There were 176 rules taken into account."><div class="progress-bar progress-bar-success" style="width: 85.7954545454545%">151 passed </div><div class="progress-bar progress-bar-danger" style="width: 11.9318181818182%">21 failed </div><div class="progress-bar progress-bar-warning" style="width: 2.272727272727271%">4 other </div></div><h3>Severity of failed rules</h3><div class="progress" title="Displays proportion of high, medium, low, and other severity failed rules (in that order). There were 21 total failed rules."><div class="progress-bar progress-bar-success" style="width: 9.523809523809524%">2 other </div><div class="progress-bar progress-bar-info" style="width: 0%">0 low </div><div class="progress-bar progress-bar-warning" style="width: 85.7142857142857%">18 medium </div><div class="progress-bar progress-bar-danger" style="width: 4.761904761904762%">1 high </div></div><h3 title="As per the XCCDF specification">Score</h3><table class="table table-striped table-bordered"><thead><tr><th>Scoring system</th><th class="text-center">Score</th><th class="text-center">Maximum</th><th class="text-center" style="width: 40%">Percent</th></tr></thead><tbody><tr><td>urn:xccdf:scoring:default</td><td class="text-center">92.306892</td><td class="text-center">100.000000</td><td><div class="progress"><div class="progress-bar progress-bar-success" style="width: 92.306892%">92.31%</div><div class="progress-bar progress-bar-danger" style="width: 7.693107999999995%"></div></div></td></tr></tbody></table></div><div id="rule-overview"><h2>Rule Overview</h2><div class="form-group js-only hidden-print"><div class="row"><div title="Filter rules by their XCCDF result"><div class="col-sm-2 toggle-rule-display-success"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="pass"></input>pass</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fixed"></input>fixed</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="informational"></input>informational</label></div></div><div class="col-sm-2 toggle-rule-display-danger"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fail"></input>fail</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="error"></input>error</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="unknown"></input>unknown</label></div></div><div class="col-sm-2 toggle-rule-display-other"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notchecked"></input>notchecked</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notapplicable"></input>notapplicable</label></div></div></div><div class="col-sm-6"><div class="input-group"><input type="text" class="form-control" placeholder="Search through XCCDF rules" id="search-input" oninput="ruleSearch()"></input><div class="input-group-btn"><button class="btn btn-default" onclick="ruleSearch()">Search</button></div></div><p id="search-matches"></p> Group rules by: <select name="groupby" onchange="groupRulesBy(value)"><option value="default" selected>Default</option><option value="severity">Severity</option><option value="result">Result</option><option disabled>ââââââââââ</option><option value="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx</option><option value="DISA CCI">DISA CCI</option><option value="DISA SRG">DISA SRG</option><option value="DISA STIG">DISA STIG</option><option value="NIST SP 800-171">NIST SP 800-171</option><option value="NIST SP 800-53">NIST SP 800-53</option><option value="ANSSI">ANSSI</option><option value="CIS Recommendation">CIS Recommendation</option><option value="FBI CJIS">FBI CJIS</option><option value="HIPAA">HIPAA</option><option value="ISO 27001-2013">ISO 27001-2013</option><option value="https://www.niap-ccevs.org/Profile/PP.cfm">https://www.niap-ccevs.org/Profile/PP.cfm</option><option value="PCI-DSS Requirement">PCI-DSS Requirement</option></select></div></div></div><table class="treetable table table-bordered"><thead><tr><th>Title</th><th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody><tr data-tt-id="xccdf_org.ssgproject.content_benchmark_RHEL-7" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 0px"><strong>Guide to the Secure Configuration of Red Hat Enterprise Linux 7</strong> <span class="badge">21x fail</span> <span class="badge">4x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_services" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 19px">Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_services");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_sssd" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_sssd" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">System Security Services Daemon<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_sssd");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" id="rule-overview-leaf-idm45508566493920" data-tt-parent-id="xccdf_org.ssgproject.content_group_sssd" data-references='{"DISA CCI":["CCI-002007"],"DISA SRG":["SRG-OS-000383-GPOS-00166"],"NIST SP 800-53":["IA-5(10)","IA-5(13)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566493920" onclick="return openRuleDetailsDialog('idm45508566493920')">Configure SSSD's Memory Cache to Expire</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" id="rule-overview-leaf-idm45508566487888" data-tt-parent-id="xccdf_org.ssgproject.content_group_sssd" data-references='{"DISA CCI":["CCI-002007"],"DISA SRG":["SRG-OS-000383-GPOS-00166"],"NIST SP 800-53":["IA-5(13)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566487888" onclick="return openRuleDetailsDialog('idm45508566487888')">Configure SSSD to Expire Offline Credentials</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_base" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_base" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Base Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_base");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_abrt_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_abrt_removed" id="rule-overview-leaf-idm45508566462288" data-tt-parent-id="xccdf_org.ssgproject.content_group_base" data-references="{}"><td style="padding-left: 57px"><a href="#rule-detail-idm45508566462288" onclick="return openRuleDetailsDialog('idm45508566462288')">Uninstall Automatic Bug Reporting Tool (abrt)</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_mail" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_mail" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Mail Server Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_mail");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_sendmail_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_sendmail_removed" id="rule-overview-leaf-idm45508566390816" data-tt-parent-id="xccdf_org.ssgproject.content_group_mail" data-references='{"NIST SP 800-53":["CM-7"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508566390816" onclick="return openRuleDetailsDialog('idm45508566390816')">Uninstall Sendmail Package</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">SSH Server<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh_server" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh_server" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh"><td colspan="3" style="padding-left: 57px">Configure OpenSSH Server if Necessary<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh_server");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-overview-leaf-idm45508566299216" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86873r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040380"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(a)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566299216" onclick="return openRuleDetailsDialog('idm45508566299216')">Disable SSH Support for User Known Hosts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-overview-leaf-idm45508566294672" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86563r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010300"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-3","AC-6","CM-6(b)"],"CIS Recommendation":["5.2.9"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566294672" onclick="return openRuleDetailsDialog('idm45508566294672')">Disable SSH Access via Empty Passwords</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" id="rule-overview-leaf-idm45508566287856" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86863r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040330"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(a)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566287856" onclick="return openRuleDetailsDialog('idm45508566287856')">Disable SSH Support for Rhosts RSA Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-overview-leaf-idm45508566280992" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86849r3_rule"],"DISA CCI":["CCI-000048","CCI-000050","CCI-001384","CCI-001385","CCI-001386","CCI-001387","CCI-001388"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-040170"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["5.2.16"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566280992" onclick="return openRuleDetailsDialog('idm45508566280992')">Enable SSH Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" id="rule-overview-leaf-idm45508566271728" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86885r2_rule"],"DISA CCI":["CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000364-GPOS-00151"],"DISA STIG":["RHEL-07-040440"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(c)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566271728" onclick="return openRuleDetailsDialog('idm45508566271728')">Disable Kerberos Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" id="rule-overview-leaf-idm45508566264864" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86867r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040350"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-3","CM-6(a)"],"CIS Recommendation":["5.2.6"],"FBI CJIS":["5.5.6"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566264864" onclick="return openRuleDetailsDialog('idm45508566264864')">Disable SSH Support for .rhosts Files</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_host_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_host_auth" id="rule-overview-leaf-idm45508566251520" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86583r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010470"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["AC-3","CM-6(b)"],"CIS Recommendation":["5.2.7"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566251520" onclick="return openRuleDetailsDialog('idm45508566251520')">Disable Host-Based Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" id="rule-overview-leaf-idm45508566234048" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86883r2_rule"],"DISA CCI":["CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000364-GPOS-00151"],"DISA STIG":["RHEL-07-040430"],"NIST SP 800-171":["3.1.12"],"NIST SP 800-53":["CM-6(c)"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566234048" onclick="return openRuleDetailsDialog('idm45508566234048')">Disable GSSAPI Authentication</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-overview-leaf-idm45508566227184" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86871r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040370"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-3","AC-6(2)","IA-2(1)","IA-2(5)"],"CIS Recommendation":["5.2.8"],"FBI CJIS":["5.5.6"],"HIPAA":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566227184" onclick="return openRuleDetailsDialog('idm45508566227184')">Disable SSH Root Login</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_system" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_system" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-7"><td colspan="3" style="padding-left: 19px"><strong>System Settings</strong> <span class="badge">21x fail</span> <span class="badge">4x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Installing and Maintaining Software</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">System and Software Integrity<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_certified-vendor" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_certified-vendor" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Operating System Vendor Support and Certification<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_certified-vendor");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_installed_OS_is_certified" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_installed_OS_is_certified" id="rule-overview-leaf-idm45508566184240" data-tt-parent-id="xccdf_org.ssgproject.content_group_certified-vendor" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86621r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020250"],"NIST SP 800-53":["SI-2(c)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566184240" onclick="return openRuleDetailsDialog('idm45508566184240')">The Installed Operating System Is Vendor Supported and Certified</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_fips" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_fips" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Federal Information Processing Standard (FIPS)<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_fips");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" id="rule-overview-leaf-idm45508566178768" data-tt-parent-id="xccdf_org.ssgproject.content_group_fips" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86691r3_rule"],"DISA CCI":["CCI-000068","CCI-002450"],"DISA SRG":["SRG-OS-000033-GPOS-00014","SRG-OS-000396-GPOS-00176","SRG-OS-000478-GPOS-00223"],"DISA STIG":["RHEL-07-021350"],"NIST SP 800-171":["3.13.8","3.13.11"],"NIST SP 800-53":["AC-17(2)"],"FBI CJIS":["5.10.1.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566178768" onclick="return openRuleDetailsDialog('idm45508566178768')">Enable FIPS Mode in GRUB2</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software-integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software-integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Software Integrity Checking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_software-integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rpm_verification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_rpm_verification" data-tt-parent-id="xccdf_org.ssgproject.content_group_software-integrity"><td colspan="3" style="padding-left: 95px">Verify Integrity with RPM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_rpm_verification");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rpm_verify_hashes" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rpm_verify_hashes" id="rule-overview-leaf-idm45508566144880" data-tt-parent-id="xccdf_org.ssgproject.content_group_rpm_verification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86479r2_rule"],"DISA CCI":["CCI-000663"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-010020"],"NIST SP 800-171":["3.3.8","3.4.1"],"NIST SP 800-53":["CM-6(d)","CM-6(3)","SI-7(1)"],"CIS Recommendation":["1.2.6"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"PCI-DSS Requirement":["Req-11.5"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508566144880" onclick="return openRuleDetailsDialog('idm45508566144880')">Verify File Hashes with RPM</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_updating" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_updating" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px"><strong>Updating Software</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-overview-leaf-idm45508566122224" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"":["366"],"DISA CCI":["CCI-001749"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566122224" onclick="return openRuleDetailsDialog('idm45508566122224')">Ensure gpgcheck Enabled For All Yum Package Repositories</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_security_patches_up_to_date" id="rule-overview-leaf-idm45508566118496" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86623r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020260"],"NIST SP 800-53":["SI-2","SI-2(c)","MA-1(b)"],"CIS Recommendation":["1.8"],"FBI CJIS":["5.10.4.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566118496" onclick="return openRuleDetailsDialog('idm45508566118496')">Ensure Software Patches Installed</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-overview-leaf-idm45508566114448" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"":["366"],"DISA CCI":["CCI-001749"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"CIS Recommendation":["1.2.3"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566114448" onclick="return openRuleDetailsDialog('idm45508566114448')">Ensure Red Hat GPG Key Installed</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-overview-leaf-idm45508566106048" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86601r1_rule"],"DISA CCI":["CCI-001749"],"DISA SRG":["SRG-OS-000366-GPOS-00153"],"DISA STIG":["RHEL-07-020050"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)","SI-7","MA-1(b)"],"CIS Recommendation":["1.2.2"],"FBI CJIS":["5.10.4.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566106048" onclick="return openRuleDetailsDialog('idm45508566106048')">Ensure gpgcheck Enabled In Main Yum Configuration</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-overview-leaf-idm45508566102320" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86603r1_rule"],"DISA CCI":["CCI-001749"],"DISA SRG":["SRG-OS-000366-GPOS-00153"],"DISA STIG":["RHEL-07-020060"],"NIST SP 800-171":["3.4.8"],"NIST SP 800-53":["CM-5(3)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508566102320" onclick="return openRuleDetailsDialog('idm45508566102320')">Ensure gpgcheck Enabled for Local Packages</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">GNOME Desktop Environment<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">Configure GNOME Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" id="rule-overview-leaf-idm45508566095152" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87809r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-00029-GPOS-0010"],"DISA STIG":["RHEL-07-010082"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566095152" onclick="return openRuleDetailsDialog('idm45508566095152')">Ensure Users Cannot Change GNOME3 Session Idle Settings</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" id="rule-overview-leaf-idm45508566091472" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"":["OS-SRG-000029-GPOS-00010"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86525r2_rule"],"DISA CCI":["CCI-000056"],"DISA STIG":["RHEL-07-010110"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566091472" onclick="return openRuleDetailsDialog('idm45508566091472')">Set GNOME3 Screensaver Lock Delay After Activation Period</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" id="rule-overview-leaf-idm45508566086944" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566086944" onclick="return openRuleDetailsDialog('idm45508566086944')">Disable Full User Name on Splash Shield</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" id="rule-overview-leaf-idm45508566083264" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87807r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-00029-GPOS-0010"],"DISA STIG":["RHEL-07-010081"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566083264" onclick="return openRuleDetailsDialog('idm45508566083264')">Ensure Users Cannot Change GNOME3 Screensaver Settings</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" id="rule-overview-leaf-idm45508566077824" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86523r3_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010100"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566077824" onclick="return openRuleDetailsDialog('idm45508566077824')">Enable GNOME3 Screensaver Idle Activation</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" id="rule-overview-leaf-idm45508566070608" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86517r4_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010070"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566070608" onclick="return openRuleDetailsDialog('idm45508566070608')">Set GNOME3 Screensaver Inactivity Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" id="rule-overview-leaf-idm45508566061968" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"DISA CCI":["CCI-000060"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(b)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566061968" onclick="return openRuleDetailsDialog('idm45508566061968')">Implement Blank Screensaver</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" id="rule-overview-leaf-idm45508566056496" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_screen_locking" data-references='{"":["OS-SRG-000030-GPOS-00011"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86515r4_rule"],"DISA CCI":["CCI-000056"],"DISA SRG":["SRG-OS-000028-GPOS-00009"],"DISA STIG":["RHEL-07-010060"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(b)"],"FBI CJIS":["5.5.5"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.8"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566056496" onclick="return openRuleDetailsDialog('idm45508566056496')">Enable GNOME3 Screensaver Lock After Idle Period</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_login_screen" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_login_screen" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">Configure GNOME Login Screen<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_login_screen");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-overview-leaf-idm45508566020928" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86577r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010440"],"NIST SP 800-171":["3.1.1"],"NIST SP 800-53":["CM-6(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566020928" onclick="return openRuleDetailsDialog('idm45508566020928')">Disable GDM Automatic Login</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" id="rule-overview-leaf-idm45508566017200" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"NIST SP 800-171":["3.1.8"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566017200" onclick="return openRuleDetailsDialog('idm45508566017200')">Set the GNOME3 Login Number of Failures</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" id="rule-overview-leaf-idm45508566009440" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86579r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00229"],"DISA STIG":["RHEL-07-010450"],"NIST SP 800-171":["3.1.1"],"NIST SP 800-53":["CM-6(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508566009440" onclick="return openRuleDetailsDialog('idm45508566009440')">Disable GDM Guest Login</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Configure Syslog<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_logging");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">Rsyslog Logs Sent To Remote Host<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_rsyslog_sending_messages");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" id="rule-overview-leaf-idm45508565988592" data-tt-parent-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86833r1_rule"],"DISA CCI":["CCI-000366","CCI-001348","CCI-000136","CCI-001851"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-031000"],"NIST SP 800-53":["AU-3(2)","AU-4(1)","AU-9"],"CIS Recommendation":["4.2.1.4"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(B)","164.308(a)(5)(ii)(C)","164.308(a)(6)(ii)","164.308(a)(8)","164.310(d)(2)(iii)","164.312(b)","164.314(a)(2)(i)(C)","164.314(a)(2)(iii)"],"ISO 27001-2013":["A.12.3.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565988592" onclick="return openRuleDetailsDialog('idm45508565988592')">Ensure Logs Sent To Remote Host</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" data-tt-parent-id="xccdf_org.ssgproject.content_group_logging"><td colspan="3" style="padding-left: 57px">Ensure Proper Configuration of Log Files<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" id="rule-overview-leaf-idm45508565977776" data-tt-parent-id="xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86675r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-021100"],"NIST SP 800-53":["AU-2(d)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565977776" onclick="return openRuleDetailsDialog('idm45508565977776')">Ensure cron Is Logging To Rsyslog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Network Configuration and Firewalls</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_network-firewalld" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_network-firewalld" data-tt-parent-id="xccdf_org.ssgproject.content_group_network"><td colspan="3" style="padding-left: 57px"><strong>firewalld</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ruleset_modifications" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ruleset_modifications" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-firewalld"><td colspan="3" style="padding-left: 76px"><strong>Strengthen the Default Ruleset</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508565906384" data-tt-parent-id="xccdf_org.ssgproject.content_group_ruleset_modifications" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86939r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040810"],"NIST SP 800-171":["3.1.3","3.4.7","3.13.6"],"NIST SP 800-53":["CM-6(b)","CM-7"],"FBI CJIS":["5.10.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565906384" onclick="return openRuleDetailsDialog('idm45508565906384')">Set Default firewalld Zone for Incoming Packets</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_firewalld_activation" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_firewalld_activation" data-tt-parent-id="xccdf_org.ssgproject.content_group_network-firewalld"><td colspan="3" style="padding-left: 76px">Inspect and Activate Default firewalld Rules<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_firewalld_activation");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_firewalld_enabled" id="rule-overview-leaf-idm45508565897936" data-tt-parent-id="xccdf_org.ssgproject.content_group_firewalld_activation" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86897r1_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-040520"],"NIST SP 800-171":["3.1.3","3.4.7"],"NIST SP 800-53":["CM-6(b)"],"CIS Recommendation":["4.7"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565897936" onclick="return openRuleDetailsDialog('idm45508565897936')">Verify firewalld Enabled</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_bootloader-grub2" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Set Boot Loader Password</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_password" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508565826848" data-tt-parent-id="xccdf_org.ssgproject.content_group_bootloader-grub2" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86585r4_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010480"],"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["IA-2(1)","IA-5(e)","AC-3"],"CIS Recommendation":["1.4.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565826848" onclick="return openRuleDetailsDialog('idm45508565826848')">Set Boot Loader Password in grub2</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_uefi_password" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_uefi_password" id="rule-overview-leaf-idm45508565807808" data-tt-parent-id="xccdf_org.ssgproject.content_group_bootloader-grub2" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86587r3_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010490"],"NIST SP 800-171":["3.4.5"],"NIST SP 800-53":["AC-3"],"CIS Recommendation":["1.4.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565807808" onclick="return openRuleDetailsDialog('idm45508565807808')">Set the UEFI Boot Loader Password</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_selinux" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_selinux" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">SELinux<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_selinux");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_policytype" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_policytype" id="rule-overview-leaf-idm45508565256096" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86615r3_rule"],"DISA CCI":["CCI-002696"],"DISA SRG":["SRG-OS-000445-GPOS-00199"],"DISA STIG":["RHEL-07-020220"],"NIST SP 800-171":["3.1.2","3.7.2"],"NIST SP 800-53":["AC-3","AC-3(3)","AC-3(4)","AC-4","AC-6","AU-9","SI-6(a)"],"CIS Recommendation":["1.6.1.3"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565256096" onclick="return openRuleDetailsDialog('idm45508565256096')">Configure SELinux Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" id="rule-overview-leaf-idm45508565249232" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"NIST SP 800-171":["3.1.2","3.1.5","3.7.2"],"NIST SP 800-53":["AC-6","AU-9","CM-7"],"CIS Recommendation":["1.6.1.6"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565249232" onclick="return openRuleDetailsDialog('idm45508565249232')">Ensure No Daemons are Unconfined by SELinux</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" id="rule-overview-leaf-idm45508565245504" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86663r1_rule"],"DISA CCI":["CCI-000022","CCI-000032","CCI-000368","CCI-000318","CCI-001812","CCI-001813","CCI-001814"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-020900"],"NIST SP 800-171":["3.1.2","3.1.5","3.7.2"],"NIST SP 800-53":["AC-6","AU-9","CM-3(f)","CM-7"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565245504" onclick="return openRuleDetailsDialog('idm45508565245504')">Ensure No Device Files are Unlabeled by SELinux</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_state" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-overview-leaf-idm45508565239488" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86613r2_rule"],"DISA CCI":["CCI-002165","CCI-002696"],"DISA SRG":["SRG-OS-000445-GPOS-00199"],"DISA STIG":["RHEL-07-020210"],"NIST SP 800-171":["3.1.2","3.7.2"],"NIST SP 800-53":["AC-3","AC-3(3)","AC-3(4)","AC-4","AC-6","AU-9","SI-6(a)"],"CIS Recommendation":["1.6.1.2"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508565239488" onclick="return openRuleDetailsDialog('idm45508565239488')">Ensure SELinux State is Enforcing</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Account and Access Control</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Restricting Password-Based Login<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_expiration" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_expiration" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Set Password Expiration Parameters<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_expiration");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" id="rule-overview-leaf-idm45508565226256" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_expiration" data-references='{"NIST SP 800-171":["3.5.7"],"NIST SP 800-53":["IA-5(f)","IA-5(1)(a)"],"FBI CJIS":["5.6.2.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565226256" onclick="return openRuleDetailsDialog('idm45508565226256')">Set Password Minimum Length in login.defs</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_storage" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_storage" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Verify Proper Storage and Existence of Password Hashes<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_storage");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-overview-leaf-idm45508565186672" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_storage" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86561r2_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00227"],"DISA STIG":["RHEL-07-010290"],"NIST SP 800-171":["3.1.1","3.1.5"],"NIST SP 800-53":["AC-6","IA-5(b)","IA-5(c)","IA-5(1)(a)"],"FBI CJIS":["5.5.2"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565186672" onclick="return openRuleDetailsDialog('idm45508565186672')">Prevent Log In to Accounts With Empty Password</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Secure Session Configuration Files for Login Accounts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-session");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_tmout" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-overview-leaf-idm45508565131200" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-session" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86847r3_rule"],"DISA CCI":["CCI-001133","CCI-000361"],"DISA SRG":["SRG-OS-000163-GPOS-00072"],"DISA STIG":["RHEL-07-040160"],"NIST SP 800-171":["3.1.11"],"NIST SP 800-53":["AC-12","SC-10"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565131200" onclick="return openRuleDetailsDialog('idm45508565131200')">Set Interactive Session Timeout</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-physical" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-physical" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px"><strong>Protect Physical Console Access</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical"><td colspan="3" style="padding-left: 76px">Configure Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_console_screen_locking" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_console_screen_locking" data-tt-parent-id="xccdf_org.ssgproject.content_group_screen_locking"><td colspan="3" style="padding-left: 95px">Configure Console Screen Locking<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_console_screen_locking");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_screen_installed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_screen_installed" id="rule-overview-leaf-idm45508565110016" data-tt-parent-id="xccdf_org.ssgproject.content_group_console_screen_locking" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86521r1_rule"],"DISA CCI":["CCI-000057"],"DISA SRG":["SRG-OS-000029-GPOS-00010"],"DISA STIG":["RHEL-07-010090"],"NIST SP 800-171":["3.1.10"],"NIST SP 800-53":["AC-11(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565110016" onclick="return openRuleDetailsDialog('idm45508565110016')">Install the screen Package</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_require_singleuser_auth" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="rule-overview-leaf-idm45508565099216" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-92519r1_rule","SV-92519r1_rule"],"DISA CCI":["CCI-000213"],"DISA SRG":["SRG-OS-000080-GPOS-00048"],"DISA STIG":["RHEL-07-010481","RHEL-07-010481"],"NIST SP 800-171":["3.1.1","3.4.5"],"NIST SP 800-53":["IA-2(1)","AC-3"],"CIS Recommendation":["1.4.3"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565099216" onclick="return openRuleDetailsDialog('idm45508565099216')">Require Authentication for Single User Mode</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="rule-overview-leaf-idm45508565093168" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"DISA CCI":["CCI-000213"],"NIST SP 800-171":["3.1.2","3.4.5"],"NIST SP 800-53":["SC-2","AC-3"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565093168" onclick="return openRuleDetailsDialog('idm45508565093168')">Verify that Interactive Boot is Disabled</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="rule-overview-leaf-idm45508565085360" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"NIST SP 800-171":["3.4.5"],"HIPAA":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FIA_AFL.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565085360" onclick="return openRuleDetailsDialog('idm45508565085360')">Disable debug-shell SystemD Service</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-banners" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-banners" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Warning Banners for System Accesses<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-banners");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gui_login_banner" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gui_login_banner" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners"><td colspan="3" style="padding-left: 76px">Implement a GUI Warning Banner<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gui_login_banner");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" id="rule-overview-leaf-idm45508565082672" data-tt-parent-id="xccdf_org.ssgproject.content_group_gui_login_banner" data-references='{"":["OS-SRG-000023-GPOS-00006"],"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86483r3_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-010030"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["1.7.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565082672" onclick="return openRuleDetailsDialog('idm45508565082672')">Enable GNOME3 Login Warning Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" id="rule-overview-leaf-idm45508565078592" data-tt-parent-id="xccdf_org.ssgproject.content_group_gui_login_banner" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86485r3_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007","SRG-OS-000228-GPOS-00088"],"DISA STIG":["RHEL-07-010040"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)"],"CIS Recommendation":["1.7.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565078592" onclick="return openRuleDetailsDialog('idm45508565078592')">Set the GNOME3 Login Warning Banner Text</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_banner_etc_issue" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-overview-leaf-idm45508565070608" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-banners" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86487r2_rule"],"DISA CCI":["CCI-000048"],"DISA SRG":["SRG-OS-000023-GPOS-00006","SRG-OS-000024-GPOS-00007"],"DISA STIG":["RHEL-07-010050"],"NIST SP 800-171":["3.1.9"],"NIST SP 800-53":["AC-8(a)","AC-8(b)","AC-8(c)(1)","AC-8(c)(2)","AC-8(c)(3)"],"CIS Recommendation":["1.7.1.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508565070608" onclick="return openRuleDetailsDialog('idm45508565070608')">Modify the System Login Banner</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-pam" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-pam" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Configuring PAM<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-pam");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Lockouts for Failed Password Attempts<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_locking_out_password_attempts");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" id="rule-overview-leaf-idm45508565058992" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86569r2_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010330"],"NIST SP 800-53":["AC-7(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565058992" onclick="return openRuleDetailsDialog('idm45508565058992')">Configure the root Account for Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" id="rule-overview-leaf-idm45508565055232" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-7(b)"],"CIS Recommendation":["5.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565055232" onclick="return openRuleDetailsDialog('idm45508565055232')">Set Lockout Time For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" id="rule-overview-leaf-idm45508565048304" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-53":["AC-7(b)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565048304" onclick="return openRuleDetailsDialog('idm45508565048304')">Set Interval For Counting Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" id="rule-overview-leaf-idm45508565043680" data-tt-parent-id="xccdf_org.ssgproject.content_group_locking_out_password_attempts" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86567r3_rule"],"DISA CCI":["CCI-002238"],"DISA SRG":["SRG-OS-000329-GPOS-00128","SRG-OS-000021-GPOS-00005"],"DISA STIG":["RHEL-07-010320"],"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-7(b)"],"CIS Recommendation":["5.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.1.6"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508565043680" onclick="return openRuleDetailsDialog('idm45508565043680')">Set Deny For Failed Password Attempts</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-pam"><td colspan="3" style="padding-left: 76px">Set Password Quality Requirements<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_quality_pwquality" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality"><td colspan="3" style="padding-left: 95px">Set Password Quality Requirements with pam_pwquality<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_quality_pwquality");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" id="rule-overview-leaf-idm45508565039136" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86559r1_rule"],"DISA CCI":["CCI-000205"],"DISA SRG":["SRG-OS-000078-GPOS-00046"],"DISA STIG":["RHEL-07-010280"],"NIST SP 800-53":["IA-5(1)(a)"],"CIS Recommendation":["6.3.2"],"FBI CJIS":["5.6.2.1.1"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565039136" onclick="return openRuleDetailsDialog('idm45508565039136')">Set Password Minimum Length</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" id="rule-overview-leaf-idm45508565029904" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86531r2_rule"],"DISA CCI":["CCI-000194"],"DISA SRG":["SRG-OS-000071-GPOS-00039"],"DISA STIG":["RHEL-07-010140"],"NIST SP 800-53":["IA-5(1)(a)","IA-5(b)","IA-5(c)","194"],"CIS Recommendation":["6.3.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565029904" onclick="return openRuleDetailsDialog('idm45508565029904')">Set Password Strength Minimum Digit Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" id="rule-overview-leaf-idm45508565020624" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86533r1_rule"],"DISA CCI":["CCI-001619"],"DISA SRG":["SRG-OS-000266-GPOS-00101"],"DISA STIG":["RHEL-07-010150"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565020624" onclick="return openRuleDetailsDialog('idm45508565020624')">Set Password Strength Minimum Special Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" id="rule-overview-leaf-idm45508565016064" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86529r4_rule"],"DISA CCI":["CCI-000193"],"DISA SRG":["SRG-OS-000070-GPOS-00038"],"DISA STIG":["RHEL-07-010130"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565016064" onclick="return openRuleDetailsDialog('idm45508565016064')">Set Password Strength Minimum Lowercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" id="rule-overview-leaf-idm45508565011552" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86527r2_rule"],"DISA CCI":["CCI-000192"],"DISA SRG":["SRG-OS-000069-GPOS-00037"],"DISA STIG":["RHEL-07-010120"],"NIST SP 800-53":["IA-5(b)","IA-5(c)","IA-5(1)(a)"],"CIS Recommendation":["6.3.2"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"],"PCI-DSS Requirement":["Req-8.2.3"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565011552" onclick="return openRuleDetailsDialog('idm45508565011552')">Set Password Strength Minimum Uppercase Characters</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" id="rule-overview-leaf-idm45508565007040" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_quality_pwquality" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87811r3_rule"],"DISA CCI":["CCI-000366"],"DISA SRG":["SRG-OS-000480-GPOS-00225"],"DISA STIG":["RHEL-07-010119"],"NIST SP 800-53":["CM-6(b)","IA-5(c)"],"CIS Recommendation":["6.3.2"],"FBI CJIS":["5.5.3"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FMT_MOF_EXT.1"]}'><td style="padding-left: 114px"><a href="#rule-detail-idm45508565007040" onclick="return openRuleDetailsDialog('idm45508565007040')">Set Password Retry Prompts Permitted Per-Session</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>System Accounting with <tt>auditd</tt></strong> <span class="badge">18x fail</span> <span class="badge">2x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px"><strong>Configure <tt>auditd</tt> Data Retention</strong> <span class="badge">2x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-overview-leaf-idm45508564982000" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86709r1_rule"],"DISA CCI":["CCI-001851"],"DISA SRG":["SRG-OS-000342-GPOS-00133"],"DISA STIG":["RHEL-07-030310"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564982000" onclick="return openRuleDetailsDialog('idm45508564982000')">Encrypt Audit Records Sent With audispd Plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" id="rule-overview-leaf-idm45508564979312" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86707r1_rule"],"DISA CCI":["CCI-001851"],"DISA SRG":["SRG-OS-000342-GPOS-00133"],"DISA STIG":["RHEL-07-030300"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564979312" onclick="return openRuleDetailsDialog('idm45508564979312')">Configure audispd Plugin To Send Logs To Remote Server</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" id="rule-overview-leaf-idm45508564976176" data-tt-parent-id="xccdf_org.ssgproject.content_group_configure_auditd_data_retention" data-references='{"DISA CCI":["CCI-000136"],"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AU-1(b)","AU-3(2)","IR-5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(B)","164.308(a)(5)(ii)(C)","164.308(a)(6)(ii)","164.308(a)(8)","164.310(d)(2)(iii)","164.312(b)","164.314(a)(2)(i)(C)","164.314(a)(2)(iii)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564976176" onclick="return openRuleDetailsDialog('idm45508564976176')">Configure auditd to use audispd's syslog plugin</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_auditd_configure_rules" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing"><td colspan="3" style="padding-left: 57px"><strong>Configure <tt>auditd</tt> Rules for Comprehensive Auditing</strong> <span class="badge">18x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Information on Kernel Modules Loading and Unloading<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_kernel_module_loading");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" id="rule-overview-leaf-idm45508564947200" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86817r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030850"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564947200" onclick="return openRuleDetailsDialog('idm45508564947200')">Ensure auditd Collects Information on Kernel Module Unloading - rmmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" id="rule-overview-leaf-idm45508564941120" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86819r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030860"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564941120" onclick="return openRuleDetailsDialog('idm45508564941120')">Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobe</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-overview-leaf-idm45508564937360" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86813r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030830"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564937360" onclick="return openRuleDetailsDialog('idm45508564937360')">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" id="rule-overview-leaf-idm45508564931312" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86815r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030840"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564931312" onclick="return openRuleDetailsDialog('idm45508564931312')">Ensure auditd Collects Information on Kernel Module Loading - insmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-overview-leaf-idm45508564925808" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_kernel_module_loading" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86811r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000471-GPOS-00216","SRG-OS-000477-GPOS-00222"],"DISA STIG":["RHEL-07-030820"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.17"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564925808" onclick="return openRuleDetailsDialog('idm45508564925808')">Ensure auditd Collects Information on Kernel Module Loading - init_module</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Attempts to Alter Logon and Logout Events<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_login_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-overview-leaf-idm45508564919776" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86771r2_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030620"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564919776" onclick="return openRuleDetailsDialog('idm45508564919776')">Record Attempts to Alter Logon and Logout Events - lastlog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-overview-leaf-idm45508564916048" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86769r3_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030610"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564916048" onclick="return openRuleDetailsDialog('idm45508564916048')">Record Attempts to Alter Logon and Logout Events - faillock</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-overview-leaf-idm45508564912368" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_login_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86767r2_rule"],"DISA CCI":["CCI-000172","CCI-002884","CCI-000126"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000470-GPOS-00214","SRG-OS-000473-GPOS-00218"],"DISA STIG":["RHEL-07-030600"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.8"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564912368" onclick="return openRuleDetailsDialog('idm45508564912368')">Record Attempts to Alter Logon and Logout Events - tallylog</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_dac_actions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_dac_actions" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Events that Modify the System's Discretionary Access Controls<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_dac_actions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-overview-leaf-idm45508564896816" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86723r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030380"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564896816" onclick="return openRuleDetailsDialog('idm45508564896816')">Record Events that Modify the System's Discretionary Access Controls - fchown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-overview-leaf-idm45508564893088" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86735r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030440"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564893088" onclick="return openRuleDetailsDialog('idm45508564893088')">Record Events that Modify the System's Discretionary Access Controls - setxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-overview-leaf-idm45508564889408" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86737r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030450"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564889408" onclick="return openRuleDetailsDialog('idm45508564889408')">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-overview-leaf-idm45508564885712" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86721r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030370"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564885712" onclick="return openRuleDetailsDialog('idm45508564885712')">Record Events that Modify the System's Discretionary Access Controls - chown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-overview-leaf-idm45508564882032" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86727r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030400"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564882032" onclick="return openRuleDetailsDialog('idm45508564882032')">Record Events that Modify the System's Discretionary Access Controls - fchownat</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-overview-leaf-idm45508564878352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86725r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030390"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564878352" onclick="return openRuleDetailsDialog('idm45508564878352')">Record Events that Modify the System's Discretionary Access Controls - lchown</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-overview-leaf-idm45508564874672" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86729r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030410"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564874672" onclick="return openRuleDetailsDialog('idm45508564874672')">Record Events that Modify the System's Discretionary Access Controls - chmod</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-overview-leaf-idm45508564870992" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86741r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030470"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564870992" onclick="return openRuleDetailsDialog('idm45508564870992')">Record Events that Modify the System's Discretionary Access Controls - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-overview-leaf-idm45508564867296" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86743r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030480"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564867296" onclick="return openRuleDetailsDialog('idm45508564867296')">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-overview-leaf-idm45508564863584" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86739r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203","SRG-OS-000474-GPOS-00219"],"DISA STIG":["RHEL-07-030460"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564863584" onclick="return openRuleDetailsDialog('idm45508564863584')">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-overview-leaf-idm45508564859888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86731r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030420"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564859888" onclick="return openRuleDetailsDialog('idm45508564859888')">Record Events that Modify the System's Discretionary Access Controls - fchmod</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-overview-leaf-idm45508564856208" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86745r3_rule"],"DISA CCI":["CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030490"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564856208" onclick="return openRuleDetailsDialog('idm45508564856208')">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-overview-leaf-idm45508564852496" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_dac_actions" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86733r3_rule"],"DISA CCI":["CCI-000126","CCI-000172"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000392-GPOS-00172","SRG-OS-000458-GPOS-00203"],"DISA STIG":["RHEL-07-030430"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564852496" onclick="return openRuleDetailsDialog('idm45508564852496')">Record Events that Modify the System's Discretionary Access Controls - fchmodat</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record Execution Attempts to Run SELinux Privileged Commands<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_execution_selinux_commands");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" id="rule-overview-leaf-idm45508564848816" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564848816" onclick="return openRuleDetailsDialog('idm45508564848816')">Record Any Attempts to Run seunshare</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" id="rule-overview-leaf-idm45508564844032" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86761r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030570"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564844032" onclick="return openRuleDetailsDialog('idm45508564844032')">Record Any Attempts to Run setsebool</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" id="rule-overview-leaf-idm45508564840352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86759r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030560"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564840352" onclick="return openRuleDetailsDialog('idm45508564840352')">Record Any Attempts to Run semanage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-overview-leaf-idm45508564836672" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86763r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"DISA STIG":["RHEL-07-030580"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564836672" onclick="return openRuleDetailsDialog('idm45508564836672')">Record Any Attempts to Run chcon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" id="rule-overview-leaf-idm45508564832992" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_execution_selinux_commands" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000392-GPOS-00172","SRG-OS-000463-GPOS-00207","SRG-OS-000465-GPOS-00209"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564832992" onclick="return openRuleDetailsDialog('idm45508564832992')">Record Any Attempts to Run restorecon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px">Record File Deletion Events by User<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_audit_file_deletion_events");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" id="rule-overview-leaf-idm45508564829312" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86827r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030900"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564829312" onclick="return openRuleDetailsDialog('idm45508564829312')">Ensure auditd Collects File Deletion Events by User - rmdir</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-overview-leaf-idm45508564825616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86831r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030920"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564825616" onclick="return openRuleDetailsDialog('idm45508564825616')">Ensure auditd Collects File Deletion Events by User - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-overview-leaf-idm45508564819568" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86823r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030880"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564819568" onclick="return openRuleDetailsDialog('idm45508564819568')">Ensure auditd Collects File Deletion Events by User - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-overview-leaf-idm45508564815824" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86825r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030890"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564815824" onclick="return openRuleDetailsDialog('idm45508564815824')">Ensure auditd Collects File Deletion Events by User - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-overview-leaf-idm45508564812112" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_file_deletion_events" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86829r3_rule"],"DISA CCI":["CCI-000366","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000466-GPOS-00210","SRG-OS-000467-GPOS-00210","SRG-OS-000468-GPOS-00212","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030910"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5","MA-4(1)(a)"],"CIS Recommendation":["5.2.14"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.7"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564812112" onclick="return openRuleDetailsDialog('idm45508564812112')">Ensure auditd Collects File Deletion Events by User - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_privileged_commands" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px"><strong>Record Information on the Use of Privileged Commands</strong> <span class="badge">2x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-overview-leaf-idm45508564808416" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86773r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030630"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564808416" onclick="return openRuleDetailsDialog('idm45508564808416')">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564804720" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86785r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030690"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564804720" onclick="return openRuleDetailsDialog('idm45508564804720')">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" id="rule-overview-leaf-idm45508564801040" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564801040" onclick="return openRuleDetailsDialog('idm45508564801040')">Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-overview-leaf-idm45508564795616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86791r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030720"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564795616" onclick="return openRuleDetailsDialog('idm45508564795616')">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" id="rule-overview-leaf-idm45508564791888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564791888" onclick="return openRuleDetailsDialog('idm45508564791888')">Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-overview-leaf-idm45508564786464" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86779r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030660"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564786464" onclick="return openRuleDetailsDialog('idm45508564786464')">Ensure auditd Collects Information on the Use of Privileged Commands - chage</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" id="rule-overview-leaf-idm45508564782736" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86781r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030670"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564782736" onclick="return openRuleDetailsDialog('idm45508564782736')">Ensure auditd Collects Information on the Use of Privileged Commands - userhelper</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" id="rule-overview-leaf-idm45508564779024" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564779024" onclick="return openRuleDetailsDialog('idm45508564779024')">Ensure auditd Collects Information on the Use of Privileged Commands - at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-overview-leaf-idm45508564773632" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86807r2_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030800"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564773632" onclick="return openRuleDetailsDialog('idm45508564773632')">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" id="rule-overview-leaf-idm45508564769888" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86797r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030750"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564769888" onclick="return openRuleDetailsDialog('idm45508564769888')">Ensure auditd Collects Information on the Use of Privileged Commands - umount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-overview-leaf-idm45508564766192" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86775r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030640"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564766192" onclick="return openRuleDetailsDialog('idm45508564766192')">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" id="rule-overview-leaf-idm45508564762480" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564762480" onclick="return openRuleDetailsDialog('idm45508564762480')">Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-overview-leaf-idm45508564758784" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86803r2_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030780"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564758784" onclick="return openRuleDetailsDialog('idm45508564758784')">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564755072" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86793r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030730"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564755072" onclick="return openRuleDetailsDialog('idm45508564755072')">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" id="rule-overview-leaf-idm45508564751376" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564751376" onclick="return openRuleDetailsDialog('idm45508564751376')">Ensure auditd Collects Information on the Use of Privileged Commands - mount</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" id="rule-overview-leaf-idm45508564748336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564748336" onclick="return openRuleDetailsDialog('idm45508564748336')">Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-overview-leaf-idm45508564745264" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86777r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030650"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564745264" onclick="return openRuleDetailsDialog('idm45508564745264')">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-overview-leaf-idm45508564739232" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86783r4_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030680"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564739232" onclick="return openRuleDetailsDialog('idm45508564739232')">Ensure auditd Collects Information on the Use of Privileged Commands - su</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-overview-leaf-idm45508564735504" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_privileged_commands" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86789r3_rule"],"DISA CCI":["CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030710"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AU-3(1)","AU-12(c)"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564735504" onclick="return openRuleDetailsDialog('idm45508564735504')">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules"><td colspan="3" style="padding-left: 76px"><strong>Record Unauthorized Access Attempts Events to Files (unsuccessful)</strong> <span class="badge">9x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-overview-leaf-idm45508564731808" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564731808" onclick="return openRuleDetailsDialog('idm45508564731808')">Record Unsuccessul Delete Attempts to Files - renameat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" id="rule-overview-leaf-idm45508564728736" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564728736" onclick="return openRuleDetailsDialog('idm45508564728736')">Record Unsuccessul Permission Changes to Files - chmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564725664" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564725664" onclick="return openRuleDetailsDialog('idm45508564725664')">Record Unauthorized Modification Attempts to Files - open O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" id="rule-overview-leaf-idm45508564722560" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564722560" onclick="return openRuleDetailsDialog('idm45508564722560')">Record Unsuccessul Ownership Changes to Files - fchownat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564719456" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564719456" onclick="return openRuleDetailsDialog('idm45508564719456')">Record Unauthorized Creation Attempts to Files - openat O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" id="rule-overview-leaf-idm45508564716352" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564716352" onclick="return openRuleDetailsDialog('idm45508564716352')">Record Unsuccessul Ownership Changes to Files - lchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-overview-leaf-idm45508564713280" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86755r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030540"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564713280" onclick="return openRuleDetailsDialog('idm45508564713280')">Record Unauthorized Access Attempts to Files (unsuccessful) - truncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" id="rule-overview-leaf-idm45508564709568" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564709568" onclick="return openRuleDetailsDialog('idm45508564709568')">Record Unsuccessul Permission Changes to Files - removexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" id="rule-overview-leaf-idm45508564706480" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564706480" onclick="return openRuleDetailsDialog('idm45508564706480')">Record Unsuccessul Ownership Changes to Files - chown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" id="rule-overview-leaf-idm45508564703408" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564703408" onclick="return openRuleDetailsDialog('idm45508564703408')">Record Unsuccessul Ownership Changes to Files - fchown</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" id="rule-overview-leaf-idm45508564700336" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564700336" onclick="return openRuleDetailsDialog('idm45508564700336')">Record Unsuccessul Permission Changes to Files - fchmodat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" id="rule-overview-leaf-idm45508564697264" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564697264" onclick="return openRuleDetailsDialog('idm45508564697264')">Record Unsuccessul Permission Changes to Files - setxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" id="rule-overview-leaf-idm45508564694192" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564694192" onclick="return openRuleDetailsDialog('idm45508564694192')">Record Unsuccessul Permission Changes to Files - lremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-overview-leaf-idm45508564691104" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86747r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030500"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564691104" onclick="return openRuleDetailsDialog('idm45508564691104')">Record Unauthorized Access Attempts to Files (unsuccessful) - creat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564687392" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564687392" onclick="return openRuleDetailsDialog('idm45508564687392')">Record Unauthorized Creation Attempts to Files - open O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" id="rule-overview-leaf-idm45508564684304" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564684304" onclick="return openRuleDetailsDialog('idm45508564684304')">Record Unsuccessul Permission Changes to Files - fremovexattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-overview-leaf-idm45508564681216" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564681216" onclick="return openRuleDetailsDialog('idm45508564681216')">Record Unsuccessul Delete Attempts to Files - unlink</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" id="rule-overview-leaf-idm45508564678144" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564678144" onclick="return openRuleDetailsDialog('idm45508564678144')">Record Unsuccessul Permission Changes to Files - fsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564675072" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564675072" onclick="return openRuleDetailsDialog('idm45508564675072')">Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564671968" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564671968" onclick="return openRuleDetailsDialog('idm45508564671968')">Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-overview-leaf-idm45508564668864" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86749r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030510"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564668864" onclick="return openRuleDetailsDialog('idm45508564668864')">Record Unauthorized Access Attempts to Files (unsuccessful) - open</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" id="rule-overview-leaf-idm45508564665152" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564665152" onclick="return openRuleDetailsDialog('idm45508564665152')">Record Unsuccessul Permission Changes to Files - lsetxattr</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564662080" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564662080" onclick="return openRuleDetailsDialog('idm45508564662080')">Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREAT</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-overview-leaf-idm45508564658976" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86753r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030530"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564658976" onclick="return openRuleDetailsDialog('idm45508564658976')">Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-overview-leaf-idm45508564655232" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86757r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030550"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564655232" onclick="return openRuleDetailsDialog('idm45508564655232')">Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncate</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564651520" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564651520" onclick="return openRuleDetailsDialog('idm45508564651520')">Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-overview-leaf-idm45508564648400" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564648400" onclick="return openRuleDetailsDialog('idm45508564648400')">Record Unsuccessul Delete Attempts to Files - unlinkat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564645328" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564645328" onclick="return openRuleDetailsDialog('idm45508564645328')">Record Unauthorized Modification Attempts to Files - openat O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" id="rule-overview-leaf-idm45508564639872" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564639872" onclick="return openRuleDetailsDialog('idm45508564639872')">Record Unsuccessul Permission Changes to Files - fchmod</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564636752" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564636752" onclick="return openRuleDetailsDialog('idm45508564636752')">Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNC</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-overview-leaf-idm45508564633616" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86751r3_rule"],"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"DISA STIG":["RHEL-07-030520"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564633616" onclick="return openRuleDetailsDialog('idm45508564633616')">Record Unauthorized Access Attempts to Files (unsuccessful) - openat</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-overview-leaf-idm45508564629904" data-tt-parent-id="xccdf_org.ssgproject.content_group_audit_unsuccessful_file_modification" data-references='{"DISA CCI":["CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000064-GPOS-00033","SRG-OS-000458-GPOS-00203","SRG-OS-000461-GPOS-00205","SRG-OS-000392-GPOS-00172"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.10"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.4","Req-10.2.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564629904" onclick="return openRuleDetailsDialog('idm45508564629904')">Record Unsuccessul Delete Attempts to Files - rename</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-overview-leaf-idm45508564626832" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86787r4_rule"],"DISA CCI":["CCI-000126","CCI-000130","CCI-000135","CCI-000172","CCI-002884"],"DISA SRG":["SRG-OS-000037-GPOS-00015","SRG-OS-000042-GPOS-00020","SRG-OS-000392-GPOS-00172","SRG-OS-000462-GPOS-00206","SRG-OS-000471-GPOS-00215"],"DISA STIG":["RHEL-07-030700"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(7)(b)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","iAU-3(1)","AU-12(a)","AU-12(c)","IR-5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.2","Req-10.2.5.b"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564626832" onclick="return openRuleDetailsDialog('idm45508564626832')">Ensure auditd Collects System Administrator Actions</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564618416" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564618416" onclick="return openRuleDetailsDialog('idm45508564618416')">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564615312" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564615312" onclick="return openRuleDetailsDialog('idm45508564615312')">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564612256" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564612256" onclick="return openRuleDetailsDialog('idm45508564612256')">Record Events that Modify User/Group Information via open syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_session_events" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-overview-leaf-idm45508564609216" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.9"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.3"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564609216" onclick="return openRuleDetailsDialog('idm45508564609216')">Record Attempts to Alter Process and Session Initiation Information</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564605536" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564605536" onclick="return openRuleDetailsDialog('idm45508564605536')">Record Events that Modify User/Group Information via openat syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_immutable" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-overview-leaf-idm45508564602496" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.3.1","3.4.3"],"NIST SP 800-53":["AC-6","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","IR-5"],"CIS Recommendation":["4.1.18"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.310(a)(2)(iv)","164.312(d)","164.310(d)(2)(iii)","164.312(b)","164.312(e)"],"PCI-DSS Requirement":["Req-10.5.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564602496" onclick="return openRuleDetailsDialog('idm45508564602496')">Make the auditd Configuration Immutable</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564598848" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564598848" onclick="return openRuleDetailsDialog('idm45508564598848')">Record Events that Modify User/Group Information via open syscall - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-overview-leaf-idm45508564595808" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87823r3_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030873"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564595808" onclick="return openRuleDetailsDialog('idm45508564595808')">Record Events that Modify User/Group Information - /etc/shadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564592096" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564592096" onclick="return openRuleDetailsDialog('idm45508564592096')">Record Events that Modify User/Group Information via openat syscall - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_directory_access_var_log_audit" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564589056" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564589056" onclick="return openRuleDetailsDialog('idm45508564589056')">Record Access Events to Audit Log directory</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-overview-leaf-idm45508564579552" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87825r4_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030874"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564579552" onclick="return openRuleDetailsDialog('idm45508564579552')">Record Events that Modify User/Group Information - /etc/security/opasswd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-overview-leaf-idm45508564575792" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"NIST SP 800-171":["3.1.8"],"NIST SP 800-53":["AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.7"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.5.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564575792" onclick="return openRuleDetailsDialog('idm45508564575792')">Record Events that Modify the System's Mandatory Access Controls</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-overview-leaf-idm45508564567392" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87819r3_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030872"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564567392" onclick="return openRuleDetailsDialog('idm45508564567392')">Record Events that Modify User/Group Information - /etc/gshadow</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-overview-leaf-idm45508564563632" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86821r4_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004","SRG-OS-000239-GPOS-00089","SRG-OS-000240-GPOS-00090","SRG-OS-000241-GPOS-00091","SRG-OS-000303-GPOS-00120","SRG-OS-000476-GPOS-00221"],"DISA STIG":["RHEL-07-030870"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564563632" onclick="return openRuleDetailsDialog('idm45508564563632')">Record Events that Modify User/Group Information - /etc/passwd</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-overview-leaf-idm45508564559920" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditd_configure_rules" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-87817r2_rule"],"DISA CCI":["CCI-000018","CCI-000172","CCI-001403","CCI-002130"],"DISA SRG":["SRG-OS-000004-GPOS-00004"],"DISA STIG":["RHEL-07-030871"],"NIST SP 800-171":["3.1.7"],"NIST SP 800-53":["AC-2(4)","AC-17(7)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-12(a)","AU-12(c)","IR-5"],"CIS Recommendation":["5.2.5"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)(ii)(A)","164.308(a)(5)(ii)(C)","164.312(a)(2)(i)","164.312(b)","164.312(d)","164.312(e)"],"https://www.niap-ccevs.org/Profile/PP.cfm":["FAU_GEN.1.1.c"],"PCI-DSS Requirement":["Req-10.2.5"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564559920" onclick="return openRuleDetailsDialog('idm45508564559920')">Record Events that Modify User/Group Information - /etc/group</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" id="rule-overview-leaf-idm45508564556224" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references="{}"><td style="padding-left: 57px"><a href="#rule-detail-idm45508564556224" onclick="return openRuleDetailsDialog('idm45508564556224')">Extend Audit Backlog Limit for the Audit Daemon</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="rule-overview-leaf-idm45508564553184" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references='{"DISA CCI":["CCI-001464","CCI-000130"],"NIST SP 800-171":["3.3.1"],"NIST SP 800-53":["AC-17(1)","AU-14(1)","AU-1(b)","AU-2(a)","AU-2(c)","AU-2(d)","AU-10","IR-5"],"CIS Recommendation":["4.1.3"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(C)","164.310(a)(2)(iv)","164.310(d)(2)(iii)","164.312(b)"],"PCI-DSS Requirement":["Req-10.3"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508564553184" onclick="return openRuleDetailsDialog('idm45508564553184')">Enable Auditing for Processes Which Start Prior to the Audit Daemon</a></td><td class="rule-severity" style="text-align: center">medium</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_auditd_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_service_auditd_enabled" id="rule-overview-leaf-idm45508564547792" data-tt-parent-id="xccdf_org.ssgproject.content_group_auditing" data-references='{"http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx":["SV-86703r2_rule"],"DISA CCI":["CCI-000126","CCI-000131"],"DISA SRG":["SRG-OS-000038-GPOS-00016","SRG-OS-000039-GPOS-00017","SRG-OS-000042-GPOS-00021","SRG-OS-000254-GPOS-00095","SRG-OS-000255-GPOS-00096"],"DISA STIG":["RHEL-07-030000"],"NIST SP 800-171":["3.3.1","3.3.2","3.3.6"],"NIST SP 800-53":["AU-3","AC-17(1)","AU-1(b)","AU-10","AU-12(a)","AU-12(c)","AU-14(1)","IR-5"],"CIS Recommendation":["4.1.2"],"FBI CJIS":["5.4.1.1"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(5)(ii)(C)","164.310(a)(2)(iv)","164.310(d)(2)(iii)","164.312(b)"],"PCI-DSS Requirement":["Req-10"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45508564547792" onclick="return openRuleDetailsDialog('idm45508564547792')">Enable auditd Service</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_permissions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_permissions" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>File Permissions and Masks</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px">Restrict Programs from Dangerous Execution Patterns<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_poisoning" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_poisoning" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Memory Poisoning<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_poisoning");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" id="rule-overview-leaf-idm45508564487008" data-tt-parent-id="xccdf_org.ssgproject.content_group_poisoning" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564487008" onclick="return openRuleDetailsDialog('idm45508564487008')">Enable SLUB/SLAB allocator poisoning</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" id="rule-overview-leaf-idm45508564483920" data-tt-parent-id="xccdf_org.ssgproject.content_group_poisoning" data-references="{}"><td style="padding-left: 95px"><a href="#rule-detail-idm45508564483920" onclick="return openRuleDetailsDialog('idm45508564483920')">Enable page allocator poisoning</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_enable_execshield_settings" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_enable_execshield_settings" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions"><td colspan="3" style="padding-left: 76px">Enable ExecShield<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_enable_execshield_settings");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" id="rule-overview-leaf-idm45508564471392" data-tt-parent-id="xccdf_org.ssgproject.content_group_enable_execshield_settings" data-references='{"ANSSI":["NT28(R23)"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45508564471392" onclick="return openRuleDetailsDialog('idm45508564471392')">Restrict exposed kernel pointers addresses access</a></td><td class="rule-severity" style="text-align: center">low</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" id="rule-overview-leaf-idm45508564463584" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564463584" onclick="return openRuleDetailsDialog('idm45508564463584')">Disable kernel image loading</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" id="rule-overview-leaf-idm45508564460496" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564460496" onclick="return openRuleDetailsDialog('idm45508564460496')">Disable vsyscalls</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" id="rule-overview-leaf-idm45508564457472" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references="{}"><td style="padding-left: 76px"><a href="#rule-detail-idm45508564457472" onclick="return openRuleDetailsDialog('idm45508564457472')">Restrict usage of ptrace to descendant processes</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" id="rule-overview-leaf-idm45508564454432" data-tt-parent-id="xccdf_org.ssgproject.content_group_restrictions" data-references='{"DISA CCI":["CCI-001314"],"NIST SP 800-171":["3.1.5"],"NIST SP 800-53":["SI-11"],"HIPAA":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564454432" onclick="return openRuleDetailsDialog('idm45508564454432')">Restrict Access to Kernel Message Buffer</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_partitions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_partitions" data-tt-parent-id="xccdf_org.ssgproject.content_group_permissions"><td colspan="3" style="padding-left: 57px"><strong>Restrict Partition Mount Options</strong> <span class="badge">1x fail</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" class="rule-overview-leaf rule-overview-leaf-fail rule-overview-needs-attention" id="rule-overview-leaf-idm45508564450752" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.17"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564450752" onclick="return openRuleDetailsDialog('idm45508564450752')">Add noexec Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" id="rule-overview-leaf-idm45508564423856" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.16"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564423856" onclick="return openRuleDetailsDialog('idm45508564423856')">Add nosuid Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" id="rule-overview-leaf-idm45508564414896" data-tt-parent-id="xccdf_org.ssgproject.content_group_partitions" data-references='{"NIST SP 800-53":["CM-7","MP-2"],"CIS Recommendation":["1.1.15"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45508564414896" onclick="return openRuleDetailsDialog('idm45508564414896')">Add nodev Option to /dev/shm</a></td><td class="rule-severity" style="text-align: center">unknown</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr></tbody></table></div><div class="js-only hidden-print"><button type="button" class="btn btn-info" onclick="return toggleResultDetails(this)">Show all result details</button></div><div id="result-details"><h2>Result Details</h2><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sssd_memcache_timeout" id="rule-detail-idm45508566493920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SSSD's Memory Cache to Expirexccdf_org.ssgproject.content_rule_sssd_memcache_timeout mediumCCE-80364-3 </div><div class="panel-heading"><h3 class="panel-title">Configure SSSD's Memory Cache to Expire</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sssd_memcache_timeout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80364-3">CCE-80364-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002007</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(10)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(13)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000383-GPOS-00166</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSSD's memory cache should be configured to set to expire records after 1 day. To configure SSSD to expire memory cache, set <code>memcache_timeout</code> to <code>86400</code> under the <code>[nss]</code> section in <code>/etc/sssd/sssd.conf</code>. For example: <pre>[nss] memcache_timeout = 86400 </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If cached authentication information is out-of-date, the validity of the authentication information may be questionable.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration" id="rule-detail-idm45508566487888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SSSD to Expire Offline Credentialsxccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration mediumCCE-80365-0 </div><div class="panel-heading"><h3 class="panel-title">Configure SSSD to Expire Offline Credentials</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80365-0">CCE-80365-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002007</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(13)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000383-GPOS-00166</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSSD should be configured to expire offline credentials after 1 day. To configure SSSD to expire offline credentials, set <code>offline_credentials_expiration</code> to <code>1</code> under the <code>[pam]</code> section in <code>/etc/sssd/sssd.conf</code>. For example: <pre>[pam] offline_credentials_expiration = 1 </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If cached authentication information is out-of-date, the validity of the authentication information may be questionable.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_abrt_removed" id="rule-detail-idm45508566462288"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall Automatic Bug Reporting Tool (abrt)xccdf_org.ssgproject.content_rule_package_abrt_removed unknown</div><div class="panel-heading"><h3 class="panel-title">Uninstall Automatic Bug Reporting Tool (abrt)</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_abrt_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The Automatic Bug Reporting Tool (<code>abrt</code>) collects and reports crash data when an application crash is detected. Using a variety of plugins, abrt can email crash reports to system administrators, log crash reports to files, or forward crash reports to a centralized issue tracking system such as RHTSupport. The <code>abrt</code> package can be removed with the following command: <pre> $ sudo yum erase abrt</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Mishandling crash data could expose sensitive information about vulnerabilities in software executing on the system, as well as sensitive information from within a process's address space or registers.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_sendmail_removed" id="rule-detail-idm45508566390816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall Sendmail Packagexccdf_org.ssgproject.content_rule_package_sendmail_removed mediumCCE-80288-4 </div><div class="panel-heading"><h3 class="panel-title">Uninstall Sendmail Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_sendmail_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80288-4">CCE-80288-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Sendmail is not the default mail transfer agent and is not installed by default. The <code>sendmail</code> package can be removed with the following command: <pre> $ sudo yum erase sendmail</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The sendmail software was not developed with security in mind and its design prevents it from being effectively contained by SELinux. Postfix should be used instead.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts" id="rule-detail-idm45508566299216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for User Known Hostsxccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts mediumCCE-80372-6 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for User Known Hosts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80372-6">CCE-80372-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040380</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86873r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can allow system users user host-based authentication to connect to systems if a cache of the remote systems public keys are available. This should be disabled. <br><br> To ensure this behavior is disabled, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>IgnoreUserKnownHosts yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional assurance that remove login via SSH will require a password, even in the event of misconfiguration elsewhere.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-detail-idm45508566294672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Access via Empty Passwordsxccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords highCCE-27471-2 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Access via Empty Passwords</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27471-2">CCE-27471-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010300</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86563r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To explicitly disallow SSH login from accounts with empty passwords, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <br> <pre>PermitEmptyPasswords no</pre> <br> Any accounts with empty passwords should be disabled immediately, and PAM configuration should prevent users from being able to assign themselves empty passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional assurance that remote login via SSH will require a password, even in the event of misconfiguration elsewhere.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa" id="rule-detail-idm45508566287856"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for Rhosts RSA Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa mediumCCE-80373-4 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for Rhosts RSA Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80373-4">CCE-80373-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040330</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86863r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can allow authentication through the obsolete rsh command through the use of the authenticating user's SSH keys. This should be disabled. <br><br> To ensure this behavior is disabled, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>RhostsRSAAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Configuring this setting for the SSH daemon provides additional assurance that remove login via SSH will require a password, even in the event of misconfiguration elsewhere.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> As of <code>openssh-server</code> version <code>7.4</code> and above, the <code>RhostsRSAAuthentication</code> option has been deprecated, and the line <pre>RhostsRSAAuthentication no</pre> in <code>/etc/ssh/sshd_config</code> is not necessary.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" id="rule-detail-idm45508566280992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable SSH Warning Bannerxccdf_org.ssgproject.content_rule_sshd_enable_warning_banner mediumCCE-27314-4 </div><div class="panel-heading"><h3 class="panel-title">Enable SSH Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27314-4">CCE-27314-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040170</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86849r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.16</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000050</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001384</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001385</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001386</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001387</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001388</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To enable the warning banner and ensure it is consistent across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>Banner /etc/issue</pre> Another section contains information on how to create an appropriate system-wide warning banner.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth" id="rule-detail-idm45508566271728"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Kerberos Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth mediumCCE-80221-5 </div><div class="panel-heading"><h3 class="panel-title">Disable Kerberos Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80221-5">CCE-80221-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86885r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000364-GPOS-00151</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Unless needed, SSH should not permit extraneous or unnecessary authentication mechanisms like Kerberos. To disable Kerberos authentication, add or correct the following line in the <code>/etc/ssh/sshd_config</code> file: <pre>KerberosAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Kerberos authentication for SSH is often implemented using GSSAPI. If Kerberos is enabled through SSH, the SSH daemon provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementations may be subject to exploitation.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" id="rule-detail-idm45508566264864"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Support for .rhosts Filesxccdf_org.ssgproject.content_rule_sshd_disable_rhosts mediumCCE-27377-1 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Support for .rhosts Files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_rhosts</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27377-1">CCE-27377-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040350</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86867r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.6</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH can emulate the behavior of the obsolete rsh command in allowing users to enable insecure access to their accounts via <code>.rhosts</code> files. <br><br> To ensure this behavior is disabled, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>IgnoreRhosts yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_host_auth" id="rule-detail-idm45508566251520"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Host-Based Authenticationxccdf_org.ssgproject.content_rule_disable_host_auth mediumCCE-27413-4 </div><div class="panel-heading"><h3 class="panel-title">Disable Host-Based Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_host_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27413-4">CCE-27413-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010470</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86583r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.7</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SSH's cryptographic host-based authentication is more secure than <code>.rhosts</code> authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. <br><br> To disable host-based authentication, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>HostbasedAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth" id="rule-detail-idm45508566234048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GSSAPI Authenticationxccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth mediumCCE-80220-7 </div><div class="panel-heading"><h3 class="panel-title">Disable GSSAPI Authentication</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80220-7">CCE-80220-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040430</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86883r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.12</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000364-GPOS-00151</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Unless needed, SSH should not permit extraneous or unnecessary authentication mechanisms like GSSAPI. To disable GSSAPI authentication, add or correct the following line in the <code>/etc/ssh/sshd_config</code> file: <pre>GSSAPIAuthentication no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_root_login" id="rule-detail-idm45508566227184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Root Loginxccdf_org.ssgproject.content_rule_sshd_disable_root_login mediumCCE-27445-6 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Root Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_root_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27445-6">CCE-27445-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040370</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86871r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(5)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The root user should never be allowed to login to a system directly over a network. To disable root login via SSH, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>PermitRootLogin no</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and also helps to minimize direct attack attempts on root's password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_installed_OS_is_certified" id="rule-detail-idm45508566184240"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->The Installed Operating System Is Vendor Supported and Certifiedxccdf_org.ssgproject.content_rule_installed_OS_is_certified highCCE-80349-4 </div><div class="panel-heading"><h3 class="panel-title">The Installed Operating System Is Vendor Supported and Certified</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_installed_OS_is_certified</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80349-4">CCE-80349-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020250</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86621r2_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The installed operating system must be maintained and certified by a vendor. Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise Linux vendor, Red Hat, Inc. is responsible for providing security patches as well as meeting and maintaining goverment certifications and standards.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>An operating system is considered "supported" if the vendor continues to provide security patches for the product as well as maintain government certification requirements. With an unsupported release, it will not be possible to resolve security issue discovered in the system software as well as meet government certifications.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode" id="rule-detail-idm45508566178768"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable FIPS Mode in GRUB2xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode highCCE-80359-3 </div><div class="panel-heading"><h3 class="panel-title">Enable FIPS Mode in GRUB2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_enable_fips_mode</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:08:36</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80359-3">CCE-80359-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-021350</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86691r3_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.11</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000068</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002450</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(2)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000033-GPOS-00014</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000396-GPOS-00176</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000478-GPOS-00223</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure FIPS mode is enabled, install package <code>dracut-fips</code>, and rebuild <code>initramfs</code> by running the following commands: <pre> $ sudo yum install dracut-fips dracut -f</pre> After the <code>dracut</code> command has been run, add the argument <code>fips=1</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 fips=1"</pre> Finally, rebuild the <code>grub.cfg</code> file by using the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Running <pre>dracut -f</pre> will overwrite the existing initramfs file.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> The ability to enable FIPS does not denote FIPS compliancy or certification. Red Hat, Inc. and Red Hat Enterprise Linux are respectively FIPS certified and compliant. Community projects such as CentOS, Scientific Linux, etc. do not necessarily meet FIPS certification and compliancy. Therefore, non-certified vendors and/or projects do not meet this requirement even if technically feasible. <br><br> See <b><a href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm">http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm</a></b> for a list of FIPS certified vendors.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rpm_verify_hashes" id="rule-detail-idm45508566144880"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify File Hashes with RPMxccdf_org.ssgproject.content_rule_rpm_verify_hashes highCCE-27157-7 </div><div class="panel-heading"><h3 class="panel-title">Verify File Hashes with RPM</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rpm_verify_hashes</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27157-7">CCE-27157-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010020</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86479r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.6</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000663</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7(1)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-11.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Without cryptographic integrity protections, system executables and files can be altered by unauthorized users without detection. The RPM package management system can check the hashes of installed software packages, including many that are important to system security. To verify that the cryptographic hash of system files and commands match vendor values, run the following command to list which files on the system have hashes that differ from what is expected by the RPM database: <pre>$ rpm -Va | grep '^..5'</pre> A "c" in the second column indicates that a file is a configuration file, which may appropriately be expected to change. If the file was not expected to change, investigate the cause of the change using audit logs or other means. The package can then be reinstalled to restore the file. Run the following command to determine which package owns the file: <pre>$ rpm -qf <i>FILENAME</i></pre> The package can be reinstalled from a yum repository using the command: <pre>$ sudo yum reinstall <i>PACKAGENAME</i></pre> Alternatively, the package can be reinstalled from trusted media using the command: <pre>$ sudo rpm -Uvh <i>PACKAGENAME</i></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The hashes of important files like system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-detail-idm45508566122224"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled For All Yum Package Repositoriesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled highCCE-26876-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled For All Yum Package Repositories</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26876-3">CCE-26876-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="">366</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure signature checking is not disabled for any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: <pre>gpgcheck=0</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Verifying the authenticity of the software prior to installation validates the integrity of the patch or upgrade received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor. Self-signed certificates are disallowed by this requirement. Certificates used to verify the software must be from an approved Certificate Authority (CA).</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_security_patches_up_to_date" id="rule-detail-idm45508566118496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Software Patches Installedxccdf_org.ssgproject.content_rule_security_patches_up_to_date highCCE-26895-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure Software Patches Installed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_security_patches_up_to_date</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26895-3">CCE-26895-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020260</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86623r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.8</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p> If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or a yum server, run the following command to install updates: <pre>$ sudo yum update</pre> If the system is not configured to use one of these sources, updates (in the form of RPM packages) can be manually downloaded from the Red Hat Network and installed using <code>rpm</code>. <br><br> NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Installing software updates is a fundamental mitigation against the exploitation of publicly-known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">None of the check-content-ref elements was resolvable.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-detail-idm45508566114448"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Red Hat GPG Key Installedxccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed highCCE-26957-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure Red Hat GPG Key Installed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26957-1">CCE-26957-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.3</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="">366</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must properly be installed. To install the Red Hat GPG key, run: <pre>$ sudo subscription-manager register</pre> If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG key from trusted media such as the Red Hat installation CD-ROM or DVD. Assuming the disc is mounted in <code>/media/cdrom</code>, use the following command as the root user to import it into the keyring: <pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor. The Red Hat GPG key is necessary to cryptographically verify packages are from Red Hat.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-detail-idm45508566106048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled In Main Yum Configurationxccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated highCCE-26989-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled In Main Yum Configuration</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26989-4">CCE-26989-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020050</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86601r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.2.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.4.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-1(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-6.2</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000366-GPOS-00153</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in <code>/etc/yum.conf</code> in the <code>[main]</code> section: <pre>gpgcheck=1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor. <br> Accordingly, patches, service packs, device drivers, or operating system components must be signed with a certificate recognized and approved by the organization. <br> Verifying the authenticity of the software prior to installation validates the integrity of the patch or upgrade received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor. Self-signed certificates are disallowed by this requirement. Certificates used to verify the software must be from an approved Certificate Authority (CA).</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-detail-idm45508566102320"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled for Local Packagesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages highCCE-80347-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled for Local Packages</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80347-8">CCE-80347-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020060</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86603r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001749</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(c)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(i)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-5(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000366-GPOS-00153</a></p></td></tr><tr><td>Description</td><td><div class="description"><p><code>Yum</code> should be configured to verify the signature(s) of local packages prior to installation. To configure <code>yum</code> to verify signatures of local packages, set the <code>localpkg_gpgcheck</code> to <code>1</code> in <code>/etc/yum.conf</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Changes to any software components can have significant effects to the overall security of the operating system. This requirement ensures the software has not been tampered and has been provided by a trusted vendor. <br><br> Accordingly, patches, service packs, device drivers, or operating system components must be signed with a certificate recognized and approved by the organization.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks" id="rule-detail-idm45508566095152"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Users Cannot Change GNOME3 Session Idle Settingsxccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks mediumCCE-80544-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure Users Cannot Change GNOME3 Session Idle Settings</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_session_idle_user_locks</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80544-0">CCE-80544-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010082</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87809r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-00029-GPOS-0010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If not already configured, ensure that users cannot change GNOME3 session idle settings by adding <code>/org/gnome/desktop/session/idle-delay</code> to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/session/idle-delay</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay" id="rule-detail-idm45508566091472"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set GNOME3 Screensaver Lock Delay After Activation Periodxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay mediumCCE-80370-0 </div><div class="panel-heading"><h3 class="panel-title">Set GNOME3 Screensaver Lock Delay After Activation Period</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80370-0">CCE-80370-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010110</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86525r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="">OS-SRG-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate the locking delay of the screensaver in the GNOME3 desktop when the screensaver is activated, add or set <code>lock-delay</code> to <code>uint32 <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_screensaver_lock_delay">0</abbr></code> in <code>/etc/dconf/db/local.d/00-security-settings</code>. For example: <pre>[org/gnome/desktop/screensaver] lock-delay=uint32 <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_screensaver_lock_delay">0</abbr> </pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/lock-delay</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to logout because of the temporary nature of the absense.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info" id="rule-detail-idm45508566086944"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Full User Name on Splash Shieldxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info unknownCCE-80114-2 </div><div class="panel-heading"><h3 class="panel-title">Disable Full User Name on Splash Shield</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80114-2">CCE-80114-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>By default when the screen is locked, the splash shield will show the user's full name. This should be disabled to prevent casual observers from seeing who has access to the system. This can be disabled by adding or setting <code>show-full-name-in-top-bar</code> to <code>false</code> in <code>/etc/dconf/db/local.d/00-security-settings</code>. For example: <pre>[org/gnome/desktop/screensaver] show-full-name-in-top-bar=false </pre> Once the settings have been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/show-full-name-in-top-bar</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the splash screen to not reveal the logged in user's name conceals who has access to the system from passersby.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks" id="rule-detail-idm45508566083264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Users Cannot Change GNOME3 Screensaver Settingsxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks mediumCCE-80371-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure Users Cannot Change GNOME3 Screensaver Settings</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_locks</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80371-8">CCE-80371-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010081</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87807r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-00029-GPOS-0010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If not already configured, ensure that users cannot change GNOME3 screensaver lock settings by adding <code>/org/gnome/desktop/screensaver/lock-delay</code> to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/lock-delay</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled" id="rule-detail-idm45508566077824"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Screensaver Idle Activationxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled mediumCCE-80111-8 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Screensaver Idle Activation</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_activation_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80111-8">CCE-80111-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010100</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86523r3_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate the screensaver in the GNOME3 desktop after a period of inactivity, add or set <code>idle-activation-enabled</code> to <code>true</code> in <code>/etc/dconf/db/local.d/00-security-settings</code>. For example: <pre>[org/gnome/desktop/screensaver] idle_activation_enabled=true</pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, GNOME desktops can be configured to identify when a user's session has idled and take action to initiate the session lock. <br><br> Enabling idle activation of the screensaver ensures the screensaver will be activated after the idle delay. Applications requiring continuous, real-time screen display (such as network management products) require the login session does not have administrator rights and the display station is located in a controlled-access area.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay" id="rule-detail-idm45508566070608"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set GNOME3 Screensaver Inactivity Timeoutxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay mediumCCE-80110-0 </div><div class="panel-heading"><h3 class="panel-title">Set GNOME3 Screensaver Inactivity Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80110-0">CCE-80110-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010070</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86517r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The idle time-out value for inactivity in the GNOME3 desktop is configured via the <code>idle-delay</code> setting must be set under an appropriate configuration file(s) in the <code>/etc/dconf/db/local.d</code> directory and locked in <code>/etc/dconf/db/local.d/locks</code> directory to prevent user modification. <br><br> For example, to configure the system for a 15 minute delay, add the following to <code>/etc/dconf/db/local.d/00-security-settings</code>: <pre>[org/gnome/desktop/session] idle-delay='uint32 900'</pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/session/idle-delay</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, GNOME3 can be configured to identify when a user's session has idled and take action to initiate a session lock.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank" id="rule-detail-idm45508566061968"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Implement Blank Screensaverxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank unknownCCE-80113-4 </div><div class="panel-heading"><h3 class="panel-title">Implement Blank Screensaver</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_mode_blank</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80113-4">CCE-80113-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000060</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the screensaver mode in the GNOME3 desktop to a blank screen, add or set <code>picture-uri</code> to <code>string ''</code> in <code>/etc/dconf/db/local.d/00-security-settings</code>. For example: <pre>[org/gnome/desktop/screensaver] picture-uri='' </pre> Once the settings have been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/picture-uri</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the screensaver mode to blank-only conceals the contents of the display from passersby.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled" id="rule-detail-idm45508566056496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Screensaver Lock After Idle Periodxccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled mediumCCE-80112-6 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Screensaver Lock After Idle Period</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80112-6">CCE-80112-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010060</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86515r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.8</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000028-GPOS-00009</a>, <a href="">OS-SRG-000030-GPOS-00011</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To activate locking of the screensaver in the GNOME3 desktop when it is activated, add or set <code>lock-enabled</code> to <code>true</code> in <code>/etc/dconf/db/local.d/00-security-settings</code>. For example: <pre>[org/gnome/desktop/screensaver] lock-enabled=true </pre> Once the settings have been added, add a lock to <code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/desktop/screensaver/lock-enabled</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to logout because of the temporary nature of the absense.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-detail-idm45508566020928"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GDM Automatic Loginxccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login highCCE-80104-3 </div><div class="panel-heading"><h3 class="panel-title">Disable GDM Automatic Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80104-3">CCE-80104-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86577r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The GNOME Display Manager (GDM) can allow users to automatically login without user interaction or credentials. User should always be required to authenticate themselves to the system that they are authorized to use. To disable user ability to automatically login to the system, set the <code>AutomaticLoginEnable</code> to <code>false</code> in the <code>[daemon]</code> section in <code>/etc/gdm/custom.conf</code>. For example: <pre>[daemon] AutomaticLoginEnable=false</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Failure to restrict system access to authenticated users negatively impacts operating system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries" id="rule-detail-idm45508566017200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the GNOME3 Login Number of Failuresxccdf_org.ssgproject.content_rule_dconf_gnome_login_retries mediumCCE-80109-2 </div><div class="panel-heading"><h3 class="panel-title">Set the GNOME3 Login Number of Failures</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_login_retries</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80109-2">CCE-80109-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, the GNOME3 login screen and be configured to restart the authentication process after a configured number of attempts. This can be configured by setting <code>allowed-failures</code> to <code>3</code> or less. <br><br> To enable, add or edit <code>allowed-failures</code> to <code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: <pre>[org/gnome/login-screen] allowed-failures=3</pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/login-screen/allowed-failures</pre> After the settings have been set, run <code>dconf update</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the password retry prompts that are permitted on a per-session basis to a low value requires some software, such as SSH, to re-connect. This can slow down and draw additional attention to some types of password-guessing attacks.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login" id="rule-detail-idm45508566009440"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GDM Guest Loginxccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login highCCE-80105-0 </div><div class="panel-heading"><h3 class="panel-title">Disable GDM Guest Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_gnome_gdm_disable_guest_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80105-0">CCE-80105-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010450</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86579r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00229</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The GNOME Display Manager (GDM) can allow users to login without credentials which can be useful for public kiosk scenarios. Allowing users to login without credentials or "guest" account access has inherent security risks and should be disabled. To do disable timed logins or guest account access, set the <code>TimedLoginEnable</code> to <code>false</code> in the <code>[daemon]</code> section in <code>/etc/gdm/custom.conf</code>. For example: <pre>[daemon] TimedLoginEnable=false</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Failure to restrict system access to authenticated users negatively impacts operating system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" id="rule-detail-idm45508565988592"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Logs Sent To Remote Hostxccdf_org.ssgproject.content_rule_rsyslog_remote_loghost unknownCCE-27343-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure Logs Sent To Remote Host</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27343-3">CCE-27343-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-031000</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86833r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.2.1.4</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001348</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000136</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(6)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(8)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(i)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(iii)</a>, <a href="https://www.iso.org/standard/54534.html">A.12.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure rsyslog to send logs to a remote log server, open <code>/etc/rsyslog.conf</code> and read and understand the last section of the file, which describes the multiple directives necessary to activate remote logging. Along with these other directives, the system can be configured to forward its logs to a particular log server by adding or correcting one of the following lines, substituting <code><i>loghost.example.com</i></code> appropriately. The choice of protocol depends on the environment of the system; although TCP and RELP provide more reliable message delivery, they may not be supported in all environments. <br> To use UDP for log message delivery: <pre>*.* @<i>loghost.example.com</i></pre> <br> To use TCP for log message delivery: <pre>*.* @@<i>loghost.example.com</i></pre> <br> To use RELP for log message delivery: <pre>*.* :omrelp:<i>loghost.example.com</i></pre> <br> There must be a resolvable DNS CNAME or Alias record set to "<abbr title="from TestResult: xccdf_org.ssgproject.content_value_rsyslog_remote_loghost_address">logcollector</abbr>" for logs to be sent correctly to the centralized logging utility.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A log server (loghost) receives syslog messages from one or more systems. This data can be used as an additional log source in the event a system is compromised and its local logs are suspect. Forwarding log messages to a remote loghost also provides system administrators with a centralized place to view the status of multiple hosts within the enterprise.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_rsyslog_cron_logging" id="rule-detail-idm45508565977776"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure cron Is Logging To Rsyslogxccdf_org.ssgproject.content_rule_rsyslog_cron_logging mediumCCE-80380-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure cron Is Logging To Rsyslog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_rsyslog_cron_logging</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80380-9">CCE-80380-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-021100</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86675r1_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Cron logging must be implemented to spot intrusions or trace cron job status. If <code>cron</code> is not logging to <code>rsyslog</code>, it can be implemented by adding the following to the <i>RULES</i> section of <code>/etc/rsyslog.conf</code>: <pre>cron.* /var/log/cron</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" id="rule-detail-idm45508565906384"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Default firewalld Zone for Incoming Packetsxccdf_org.ssgproject.content_rule_set_firewalld_default_zone mediumCCE-27349-0 </div><div class="panel-heading"><h3 class="panel-title">Set Default firewalld Zone for Incoming Packets</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_set_firewalld_default_zone</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27349-0">CCE-27349-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040810</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86939r2_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.13.6</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following line in <code>/etc/firewalld/firewalld.conf</code> to be: <pre>DefaultZone=drop</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In <code>firewalld</code> the default zone is applied only after all the applicable rules in the table are examined for a match. Setting the default zone to <code>drop</code> implements proper design for a firewall, i.e. any packets which are not explicitly permitted should not be accepted.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_service_firewalld_enabled" id="rule-detail-idm45508565897936"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify firewalld Enabledxccdf_org.ssgproject.content_rule_service_firewalld_enabled mediumCCE-27361-5 </div><div class="panel-heading"><h3 class="panel-title">Verify firewalld Enabled</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_firewalld_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27361-5">CCE-27361-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040520</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86897r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p> The <code>firewalld</code> service can be enabled with the following command: <pre>$ sudo systemctl enable firewalld.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Access control methods provide the ability to enhance system security posture by restricting services and known good IP addresses and address ranges. This prevents connections from unknown hosts and protocols.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_password" id="rule-detail-idm45508565826848"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Boot Loader Password in grub2xccdf_org.ssgproject.content_rule_grub2_password highCCE-27309-4 </div><div class="panel-heading"><h3 class="panel-title">Set Boot Loader Password in grub2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_password</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27309-4">CCE-27309-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010480</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86585r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> To do so, select a superuser account name and password and and modify the <code>/etc/grub.d/01_users</code> configuration file with the new account name. <br><br> Since plaintext passwords are a security risk, generate a hash for the pasword by running the following command: <pre>$ grub2-setpassword</pre> When prompted, enter the password that was selected. <br><br> NOTE: It is recommended not to use common administrator account names like root, admin, or administrator for the grub2 superuser account. <br><br> Change the superuser to a different username (The default is 'root'). <pre>$ sed -i s/root/bootuser/g /etc/grub.d/01_users</pre> <br><br> To meet FISMA Moderate, the bootloader superuser account and password MUST differ from the root account and password. Once the superuser account and password have been added, update the <code>grub.cfg</code> file by running: <pre>grub2-mkconfig -o /boot/grub2/grub.cfg</pre> NOTE: Do NOT manually add the superuser account and password to the <code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode. For more information on how to configure the grub2 superuser account and password, please refer to <ul><li><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html</a></li>. </ul></p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> To prevent hard-coded passwords, automatic remediation of this control is not available. Remediation must be automated as a component of machine provisioning, or followed manually as outlined above.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_uefi_password" id="rule-detail-idm45508565807808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the UEFI Boot Loader Passwordxccdf_org.ssgproject.content_rule_grub2_uefi_password mediumCCE-80354-4 </div><div class="panel-heading"><h3 class="panel-title">Set the UEFI Boot Loader Password</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_uefi_password</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80354-4">CCE-80354-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010490</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86587r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> To do so, select a superuser account name and password and and modify the <code>/etc/grub.d/01_users</code> configuration file with the new account name. <br><br> Since plaintext passwords are a security risk, generate a hash for the pasword by running the following command: <pre>$ grub2-setpassword</pre> When prompted, enter the password that was selected. <br><br> NOTE: It is recommended not to use common administrator account names like root, admin, or administrator for the grub2 superuser account. <br><br> Change the superuser to a different username (The default is 'root'). <pre>$ sed -i s/root/bootuser/g /etc/grub.d/01_users</pre> <br><br> To meet FISMA Moderate, the bootloader superuser account and password MUST differ from the root account and password. Once the superuser account and password have been added, update the <code>grub.cfg</code> file by running: <pre>grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre> NOTE: Do NOT manually add the superuser account and password to the <code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode. For more information on how to configure the grub2 superuser account and password, please refer to <ul><li><a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Protecting_GRUB_2_with_a_Password.html</a></li>. </ul></p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> To prevent hard-coded passwords, automatic remediation of this control is not available. Remediation must be automated as a component of machine provisioning, or followed manually as outlined above.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_policytype" id="rule-detail-idm45508565256096"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SELinux Policyxccdf_org.ssgproject.content_rule_selinux_policytype highCCE-27279-9 </div><div class="panel-heading"><h3 class="panel-title">Configure SELinux Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_policytype</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:02</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27279-9">CCE-27279-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020220</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86615r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002696</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000445-GPOS-00199</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The SELinux <code>targeted</code> policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct the following line in <code>/etc/selinux/config</code>: <pre>SELINUXTYPE=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_policy_name">targeted</abbr></pre> Other policies, such as <code>mls</code>, provide additional security labeling and greater confinement but are not compatible with many general-purpose use cases.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the SELinux policy to <code>targeted</code> or a more specialized policy ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services. <br><br> Note: During the development or debugging of SELinux modules, it is common to temporarily place non-production systems in <code>permissive</code> mode. In such temporary cases, SELinux policies should be developed, and once work is completed, the system should be reconfigured to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_policy_name">targeted</abbr></code>.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" id="rule-detail-idm45508565249232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure No Daemons are Unconfined by SELinuxxccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons mediumCCE-27288-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure No Daemons are Unconfined by SELinux</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27288-0">CCE-27288-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Daemons for which the SELinux policy does not contain rules will inherit the context of the parent process. Because daemons are launched during startup and descend from the <code>init</code> process, they inherit the <code>initrc_t</code> context. <br> <br> To check for unconfined daemons, run the following command: <pre>$ sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'</pre> It should produce no output in a well-configured system.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Daemons which run with the <code>initrc_t</code> context may cause AVC denials, or allow privileges that the daemon does not require.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled" id="rule-detail-idm45508565245504"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure No Device Files are Unlabeled by SELinuxxccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled mediumCCE-27326-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure No Device Files are Unlabeled by SELinux</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27326-8">CCE-27326-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020900</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86663r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000022</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000032</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000368</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000318</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001812</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001813</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001814</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-3(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Device files, which are used for communication with important system resources, should be labeled with proper SELinux types. If any device files do not carry the SELinux type <code>device_t</code>, report the bug so that policy can be corrected. Supply information about what the device is and what programs use it. <br><br> To check for unlabeled device files, run the following command: <pre>$ sudo find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"</pre> It should produce no output in a well-configured system.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If a device file carries the SELinux type <code>device_t</code>, then SELinux cannot properly restrict access to the device file.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-detail-idm45508565239488"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure SELinux State is Enforcingxccdf_org.ssgproject.content_rule_selinux_state highCCE-27334-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure SELinux State is Enforcing</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_state</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27334-2">CCE-27334-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-020210</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86613r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.6.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.7.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002165</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002696</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-4</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-9</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-6(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000445-GPOS-00199</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The SELinux state should be set to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr></code> at system boot time. In the file <code>/etc/selinux/config</code>, add or correct the following line to configure the system to boot into enforcing mode: <pre>SELINUX=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the SELinux state to enforcing ensures SELinux is able to confine potentially compromised processes to the security policy, which is designed to prevent them from causing damage to the system or further elevating their privileges.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" id="rule-detail-idm45508565226256"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Length in login.defsxccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs mediumCCE-27123-9 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length in login.defs</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27123-9">CCE-27123-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.5.7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(f)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To specify password length requirements for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MIN_LEN <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs">15</abbr></pre> <br><br> The DoD requirement is <code>15</code>. The FISMA requirement is <code>12</code>. The profile requirement is <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs">15</abbr></code>. If a program consults <code>/etc/login.defs</code> and also another PAM module (such as <code>pam_pwquality</code>) during a password change operation, then the most restrictive must be satisfied. See PAM section for more information about enforcing password quality requirements.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Requiring a minimum password length makes password cracking attacks more difficult by ensuring a larger search space. However, any security benefit from an onerous requirement must be carefully weighed against usability problems, support costs, or counterproductive behavior that may result.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-detail-idm45508565186672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Prevent Log In to Accounts With Empty Passwordxccdf_org.ssgproject.content_rule_no_empty_passwords highCCE-27286-4 </div><div class="panel-heading"><h3 class="panel-title">Prevent Log In to Accounts With Empty Password</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010290</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86561r2_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the <code>nullok</code> option in <code>/etc/pam.d/system-auth</code> to prevent logins with empty passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_tmout" id="rule-detail-idm45508565131200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Interactive Session Timeoutxccdf_org.ssgproject.content_rule_accounts_tmout mediumCCE-27557-8 </div><div class="panel-heading"><h3 class="panel-title">Set Interactive Session Timeout</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_tmout</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27557-8">CCE-27557-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-040160</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86847r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.11</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001133</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000361</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-12</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-10</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000163-GPOS-00072</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that all user sessions will terminate based on inactivity. The <code>TMOUT</code> setting in <code>/etc/profile</code> should read as follows: <pre>TMOUT=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_tmout">600</abbr></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_screen_installed" id="rule-detail-idm45508565110016"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Install the screen Packagexccdf_org.ssgproject.content_rule_package_screen_installed mediumCCE-27351-6 </div><div class="panel-heading"><h3 class="panel-title">Install the screen Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_screen_installed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27351-6">CCE-27351-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010090</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86521r1_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.10</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000057</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000029-GPOS-00010</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To enable console screen locking, install the <code>screen</code> package: <pre>$ sudo yum install screen</pre> Instruct users to begin new terminal sessions with the following command: <pre>$ screen</pre> The console can now be locked with the following key combination: <pre>ctrl+a x</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but des not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operation system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock. <br><br> The <code>screen</code> package allows for a session lock to be implemented and configured.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="rule-detail-idm45508565099216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Require Authentication for Single User Modexccdf_org.ssgproject.content_rule_require_singleuser_auth mediumCCE-27287-2 </div><div class="panel-heading"><h3 class="panel-title">Require Authentication for Single User Mode</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_require_singleuser_auth</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27287-2">CCE-27287-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010481</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-92519r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000080-GPOS-00048</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010481</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-92519r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. By default, no authentication is performed if single-user mode is selected. <br><br> By default, single-user mode is protected by requiring a password and is set in <code>/usr/lib/systemd/system/rescue.service</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>This prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="rule-detail-idm45508565093168"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify that Interactive Boot is Disabledxccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot mediumCCE-27335-9 </div><div class="panel-heading"><h3 class="panel-title">Verify that Interactive Boot is Disabled</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27335-9">CCE-27335-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000213</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Red Hat Enterprise Linux systems support an "interactive boot" option that can be used to prevent services from being started. On a Red Hat Enterprise Linux 7 system, interactive boot can be enabled by providing a <code>1</code>, <code>yes</code>, <code>true</code>, or <code>on</code> value to the <code>systemd.confirm_spawn</code> kernel argument in <code>/etc/default/grub</code>. Remove any instance of <pre>systemd.confirm_spawn=(1|yes|true|on)</pre> from the kernel arguments in that file to disable interactive boot.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Using interactive boot, the console user could disable auditing, firewalls, or other services, weakening system security.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="rule-detail-idm45508565085360"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable debug-shell SystemD Servicexccdf_org.ssgproject.content_rule_service_debug-shell_disabled mediumCCE-80206-6 </div><div class="panel-heading"><h3 class="panel-title">Disable debug-shell SystemD Service</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_AFL.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>SystemD's <code>debug-shell</code> service is intended to diagnose SystemD related boot issues with various <code>systemctl</code> commands. Once enabled and following a system reboot, the root shell will be available on <code>tty9</code> which is access by pressing <code>CTRL-ALT-F9</code>. The <code>debug-shell</code> service should only be used for SystemD related issues and should otherwise be disabled. <br><br> By default, the <code>debug-shell</code> SystemD service is disabled. The <code>debug-shell</code> service can be disabled with the following command: <pre>$ sudo systemctl disable debug-shell.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>This prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled" id="rule-detail-idm45508565082672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable GNOME3 Login Warning Bannerxccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled mediumCCE-26970-4 </div><div class="panel-heading"><h3 class="panel-title">Enable GNOME3 Login Warning Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26970-4">CCE-26970-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010030</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86483r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="">OS-SRG-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, displaying a login warning banner in the GNOME Display Manager's login screen can be enabled on the login screen by setting <code>banner-message-enable</code> to <code>true</code>. <br><br> To enable, add or edit <code>banner-message-enable</code> to <code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: <pre>[org/gnome/login-screen] banner-message-enable=true</pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/login-screen/banner-message-enable</pre> After the settings have been set, run <code>dconf update</code>. The banner text must also be set.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. <br><br> For U.S. Government systems, system use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text" id="rule-detail-idm45508565078592"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the GNOME3 Login Warning Banner Textxccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text mediumCCE-26892-0 </div><div class="panel-heading"><h3 class="panel-title">Set the GNOME3 Login Warning Banner Text</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26892-0">CCE-26892-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010040</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86485r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000228-GPOS-00088</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>In the default graphical environment, configuring the login warning banner text in the GNOME Display Manager's login screen can be configured on the login screen by setting <code>banner-message-text</code> to <code>string '<i>APPROVED_BANNER</i>'</code> where <i>APPROVED_BANNER</i> is the approved banner for your environment. <br><br> To enable, add or edit <code>banner-message-text</code> to <code>/etc/dconf/db/gdm.d/00-security-settings</code>. For example: <pre>[org/gnome/login-screen] banner-message-text='<i>APPROVED_BANNER</i>'</pre> Once the setting has been added, add a lock to <code>/etc/dconf/db/gdm.d/locks/00-security-settings-lock</code> to prevent user modification. For example: <pre>/org/gnome/login-screen/banner-message-text</pre> After the settings have been set, run <code>dconf update</code>. When entering a warning banner that spans several lines, remember to begin and end the string with <code>'</code> and use <code>\n</code> for new lines.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_banner_etc_issue" id="rule-detail-idm45508565070608"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Modify the System Login Bannerxccdf_org.ssgproject.content_rule_banner_etc_issue mediumCCE-27303-7 </div><div class="panel-heading"><h3 class="panel-title">Modify the System Login Banner</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_banner_etc_issue</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27303-7">CCE-27303-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010050</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86487r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.7.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.9</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000048</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-8(c)(3)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000023-GPOS-00006</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000024-GPOS-00007</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system login banner edit <code>/etc/issue</code>. Replace the default text with a message compliant with the local site policy or a legal disclaimer. The DoD required text is either: <br><br> <code>You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: <br>-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. <br>-At any time, the USG may inspect and seize data stored on this IS. <br>-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. <br>-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy. <br>-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.</code> <br><br> OR: <br><br> <code>I've read & consent to terms in IS user agreem't.</code></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. <br><br> System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" id="rule-detail-idm45508565058992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure the root Account for Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root mediumCCE-80353-6 </div><div class="panel-heading"><h3 class="panel-title">Configure the root Account for Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80353-6">CCE-80353-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010330</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86569r2_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out the <code>root</code> account after a number of incorrect login attempts using <code>pam_faillock.so</code>, modify the content of both <code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: <br><br> <ul><li>Modify the following line in the <code>AUTH</code> section to add <code>even_deny_root</code>: <pre>auth required pam_faillock.so preauth silent <b>even_deny_root</b> deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Modify the following line in the <code>AUTH</code> section to add <code>even_deny_root</code>: <pre>auth [default=die] pam_faillock.so authfail <b>even_deny_root</b> deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" id="rule-detail-idm45508565055232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Lockout Time For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time mediumCCE-26884-7 </div><div class="panel-heading"><h3 class="panel-title">Set Lockout Time For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-26884-7">CCE-26884-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out accounts after a number of incorrect login attempts and require an administrator to unlock the account using <code>pam_faillock.so</code>, modify the content of both <code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: <br><br> <ul><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: <pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Locking out user accounts after a number of incorrect attempts prevents direct password guessing attacks. Ensuring that an administrator is involved in unlocking locked accounts draws appropriate attention to such situations.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" id="rule-detail-idm45508565048304"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Interval For Counting Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval mediumCCE-27297-1 </div><div class="panel-heading"><h3 class="panel-title">Set Interval For Counting Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27297-1">CCE-27297-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an accounts after a number of incorrect login attempts within a specified time period. Modify the content of both <code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: <br><br> <ul><li>Add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li>Add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: <pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>By limiting the number of failed logon attempts the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" id="rule-detail-idm45508565043680"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Deny For Failed Password Attemptsxccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny mediumCCE-27350-8 </div><div class="panel-heading"><h3 class="panel-title">Set Deny For Failed Password Attempts</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27350-8">CCE-27350-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010320</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86567r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002238</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(b)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.1.6</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000329-GPOS-00128</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000021-GPOS-00005</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>, modify the content of both <code>/etc/pam.d/system-auth</code> and <code>/etc/pam.d/password-auth</code> as follows: <br><br> <ul><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth required pam_faillock.so preauth silent deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>after</code> the <code>pam_unix.so</code> statement in the <code>AUTH</code> section: <pre>auth [default=die] pam_faillock.so authfail deny=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny">3</abbr> unlock_time=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time">never</abbr> fail_interval=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval">900</abbr></pre></li><li> add the following line immediately <code>before</code> the <code>pam_unix.so</code> statement in the <code>ACCOUNT</code> section: <pre>account required pam_faillock.so</pre></li></ul></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Locking out user accounts after a number of incorrect attempts prevents direct password guessing attacks.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" id="rule-detail-idm45508565039136"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Minimum Lengthxccdf_org.ssgproject.content_rule_accounts_password_pam_minlen mediumCCE-27293-0 </div><div class="panel-heading"><h3 class="panel-title">Set Password Minimum Length</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27293-0">CCE-27293-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010280</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86559r1_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.6.2.1.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000205</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000078-GPOS-00046</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>minlen</code> parameter controls requirements for minimum characters required in a password. Add <code>minlen=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_minlen">12</abbr></code> after pam_pwquality to set minimum password length requirements.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. <br> Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromose the password.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" id="rule-detail-idm45508565029904"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Digit Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit mediumCCE-27214-6 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Digit Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27214-6">CCE-27214-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010140</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86531r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000194</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">194</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000071-GPOS-00039</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>dcredit</code> parameter controls requirements for usage of digits in a password. When set to a negative number, any password will be required to contain that many digits. When set to a positive number, pam_pwquality will grant +1 additional length credit for each digit. Modify the <code>dcredit</code> setting in <code>/etc/security/pwquality.conf</code> to require the use of a digit in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. <br><br> Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possble combinations that need to be tested before the password is compromised. Requiring digits makes password guessing attacks more difficult by ensuring a larger search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" id="rule-detail-idm45508565020624"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Special Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit mediumCCE-27360-7 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Special Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27360-7">CCE-27360-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010150</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86533r1_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001619</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000266-GPOS-00101</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>ocredit=</code> parameter controls requirements for usage of special (or "other") characters in a password. When set to a negative number, any password will be required to contain that many special characters. When set to a positive number, pam_pwquality will grant +1 additional length credit for each special character. Modify the <code>ocredit</code> setting in <code>/etc/security/pwquality.conf</code> to equal <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_ocredit">-1</abbr> to require use of a special character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. <br><br> Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possble combinations that need to be tested before the password is compromised. Requiring a minimum number of special characters makes password guessing attacks more difficult by ensuring a larger search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit" id="rule-detail-idm45508565016064"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Lowercase Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit mediumCCE-27345-8 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Lowercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27345-8">CCE-27345-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010130</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86529r4_rule</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000193</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000070-GPOS-00038</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>lcredit</code> parameter controls requirements for usage of lowercase letters in a password. When set to a negative number, any password will be required to contain that many lowercase characters. When set to a positive number, pam_pwquality will grant +1 additional length credit for each lowercase character. Modify the <code>lcredit</code> setting in <code>/etc/security/pwquality.conf</code> to require the use of a lowercase character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. <br><br> Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possble combinations that need to be tested before the password is compromised. Requiring a minimum number of lowercase characters makes password guessing attacks more difficult by ensuring a larger search space.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" id="rule-detail-idm45508565011552"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Strength Minimum Uppercase Charactersxccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit mediumCCE-27200-5 </div><div class="panel-heading"><h3 class="panel-title">Set Password Strength Minimum Uppercase Characters</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27200-5">CCE-27200-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010120</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86527r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000192</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-8.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000069-GPOS-00037</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The pam_pwquality module's <code>ucredit=</code> parameter controls requirements for usage of uppercase letters in a password. When set to a negative number, any password will be required to contain that many uppercase characters. When set to a positive number, pam_pwquality will grant +1 additional length credit for each uppercase character. Modify the <code>ucredit</code> setting in <code>/etc/security/pwquality.conf</code> to require the use of an uppercase character in passwords.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Use of a complex password helps to increase the time and resources reuiqred to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. <br><br> Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" id="rule-detail-idm45508565007040"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Password Retry Prompts Permitted Per-Sessionxccdf_org.ssgproject.content_rule_accounts_password_pam_retry unknownCCE-27160-1 </div><div class="panel-heading"><h3 class="panel-title">Set Password Retry Prompts Permitted Per-Session</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_password_pam_retry</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27160-1">CCE-27160-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_MOF_EXT.1</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-010119</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87811r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">6.3.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.3</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000480-GPOS-00225</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the number of retry prompts that are permitted per-session: <br><br> Edit the <code>pam_pwquality.so</code> statement in <code>/etc/pam.d/system-auth</code> to show <code>retry=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_password_pam_retry">3</abbr></code>, or a lower value if site policy is more restrictive. <br><br> The DoD requirement is a maximum of 3 prompts per session.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Setting the password retry prompts that are permitted on a per-session basis to a low value requires some software, such as SSH, to re-connect. This can slow down and draw additional attention to some types of password-guessing attacks. Note that this is different from account lockout, which is provided by the pam_faillock module.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records" id="rule-detail-idm45508564982000"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Encrypt Audit Records Sent With audispd Pluginxccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records mediumCCE-80540-8 </div><div class="panel-heading"><h3 class="panel-title">Encrypt Audit Records Sent With audispd Plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_encrypt_sent_records</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80540-8">CCE-80540-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000342-GPOS-00133</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030310</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86709r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited. Uncomment the <code>enable_krb5</code> option in <pre>/etc/audisp/audisp-remote.conf</pre>, and set it with the following line: <pre>enable_krb5 = yes</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server" id="rule-detail-idm45508564979312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure audispd Plugin To Send Logs To Remote Serverxccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server mediumCCE-80541-6 </div><div class="panel-heading"><h3 class="panel-title">Configure audispd Plugin To Send Logs To Remote Server</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80541-6">CCE-80541-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001851</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000342-GPOS-00133</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030300</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86707r1_rule</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>Configure the audispd plugin to off-load audit records onto a different system or media from the system being audited. Set the <code>remote_server</code> option in <pre>/etc/audisp/audisp-remote.conf</pre> with an IP address or hostname of the system that the audispd plugin should send audit records to. For example replacing <i>REMOTE_SYSTEM</i> with an IP address or hostname: <pre>remote_server = <i>REMOTE_SYSTEM</i></pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Off-loading is a common process in information systems with limited audit storage capacity.</p></div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated" id="rule-detail-idm45508564976176"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure auditd to use audispd's syslog pluginxccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated mediumCCE-27341-7 </div><div class="panel-heading"><h3 class="panel-title">Configure auditd to use audispd's syslog plugin</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27341-7">CCE-27341-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000136</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(6)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(8)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(i)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.314(a)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To configure the <code>auditd</code> service to use the <code>syslog</code> plug-in of the <code>audispd</code> audit event multiplexor, set the <code>active</code> line in <code>/etc/audisp/plugins.d/syslog.conf</code> to <code>yes</code>. Restart the <code>auditd</code> service: <pre>$ sudo service auditd restart</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The auditd service does not include the ability to send audit records to a centralized server for management directly. It does, however, include a plug-in for audit event multiplexor (audispd) to pass audit records to the local syslog server</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod" id="rule-detail-idm45508564947200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Unloading - rmmodxccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod mediumCCE-80416-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - rmmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80416-1">CCE-80416-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030850</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86817r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of rmmod, utility used to remove modules from kernel, add the following line: <pre>-w /usr/sbin/rmmod -p x -k modules</pre> Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured to use the <code>augenrules</code> program (the default), add the line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The removal of kernel modules can be used to alter the behavior of the kernel and potentially introduce malicious code into kernel space. It is important to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe" id="rule-detail-idm45508564941120"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe mediumCCE-80417-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading and Unloading - modprobe</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80417-9">CCE-80417-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030860</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86819r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of modprobe, utility used to insert / remove modules from kernel, add the following line: <pre>-w /usr/sbin/modprobe -p x -k modules</pre> Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured to use the <code>augenrules</code> program (the default), add the line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition/removal of kernel modules can be used to alter the behavior of the kernel and potentially introduce malicious code into kernel space. It is important to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete" id="rule-detail-idm45508564937360"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Unloading - delete_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete mediumCCE-80415-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Unloading - delete_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030830</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86813r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture kernel module unloading events, use following line, setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit: <pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre> Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured to use the <code>augenrules</code> program (the default), add the line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The removal of kernel modules can be used to alter the behavior of the kernel and potentially introduce malicious code into kernel space. It is important to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod" id="rule-detail-idm45508564931312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading - insmodxccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod mediumCCE-80446-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - insmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80446-8">CCE-80446-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030840</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86815r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture invocation of insmod, utility used to insert modules into kernel, use the following line: <pre>-w /usr/sbin/insmod -p x -k modules</pre> Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured to use the <code>augenrules</code> program (the default), add the line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition of kernel modules can be used to alter the behavior of the kernel and potentially introduce malicious code into kernel space. It is important to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="rule-detail-idm45508564925808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on Kernel Module Loading - init_modulexccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init mediumCCE-80414-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on Kernel Module Loading - init_module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80414-6">CCE-80414-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030820</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86811r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00216</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000477-GPOS-00222</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To capture kernel module loading events, use following line, setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit: <pre>-a always,exit -F arch=<i>ARCH</i> -S init_module -F key=modules</pre> Place to add the line depends on a way <code>auditd</code> daemon is configured. If it is configured to use the <code>augenrules</code> program (the default), add the line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility, add the line to file <code>/etc/audit/audit.rules</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The addition of kernel modules can be used to alter the behavior of the kernel and potentially introduce malicious code into kernel space. It is important to have an audit trail of modules that have been introduced into the kernel.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog" id="rule-detail-idm45508564919776"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - lastlogxccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog mediumCCE-80384-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - lastlog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80384-1">CCE-80384-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030620</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86771r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual edits of files involved in storing logon events: <pre>-w /var/log/lastlog -p wa -k logins</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual edits of files involved in storing logon events: <pre>-w /var/log/lastlog -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" id="rule-detail-idm45508564916048"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - faillockxccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock mediumCCE-80383-3 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - faillock</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80383-3">CCE-80383-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030610</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86769r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual edits of files involved in storing logon events: <pre>-w /var/run/faillock/ -p wa -k logins</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual edits of files involved in storing logon events: <pre>-w /var/run/faillock/ -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog" id="rule-detail-idm45508564912368"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Logon and Logout Events - tallylogxccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog mediumCCE-80382-5 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Logon and Logout Events - tallylog</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_login_events_tallylog</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80382-5">CCE-80382-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030600</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86767r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.8</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000470-GPOS-00214</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000473-GPOS-00218</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual edits of files involved in storing logon events: <pre>-w /var/log/tallylog -p wa -k logins</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file in order to watch for unattempted manual edits of files involved in storing logon events: <pre>-w /var/log/tallylog -p wa -k logins</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" id="rule-detail-idm45508564896816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown unknownCCE-27356-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27356-5">CCE-27356-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030380</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86723r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" id="rule-detail-idm45508564893088"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - setxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr unknownCCE-27213-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27213-8">CCE-27213-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030440</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86735r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" id="rule-detail-idm45508564889408"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr unknownCCE-27389-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27389-6">CCE-27389-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030450</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86737r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" id="rule-detail-idm45508564885712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown unknownCCE-27364-9 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27364-9">CCE-27364-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030370</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86721r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" id="rule-detail-idm45508564882032"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchownatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat unknownCCE-27387-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27387-0">CCE-27387-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030400</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86727r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" id="rule-detail-idm45508564878352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lchownxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown unknownCCE-27083-5 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27083-5">CCE-27083-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030390</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86725r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" id="rule-detail-idm45508564874672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - chmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod unknownCCE-27339-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27339-1">CCE-27339-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030410</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86729r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" id="rule-detail-idm45508564870992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - removexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr mediumCCE-27367-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27367-2">CCE-27367-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030470</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86741r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" id="rule-detail-idm45508564867296"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr mediumCCE-27353-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27353-2">CCE-27353-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030480</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86743r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" id="rule-detail-idm45508564863584"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr unknownCCE-27280-7 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27280-7">CCE-27280-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030460</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86739r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000474-GPOS-00219</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" id="rule-detail-idm45508564859888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod unknownCCE-27393-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27393-8">CCE-27393-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030420</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86731r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" id="rule-detail-idm45508564856208"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr mediumCCE-27410-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27410-0">CCE-27410-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030490</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86745r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> <br><br> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" id="rule-detail-idm45508564852496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Discretionary Access Controls - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat unknownCCE-27388-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Discretionary Access Controls - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27388-8">CCE-27388-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030430</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86733r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre> If the system is 64 bit then also add the following line: <pre>-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare" id="rule-detail-idm45508564848816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run seunsharexccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare medium</div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run seunshare</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_seunshare</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt of the <code>seunshare</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged-priv_change</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool" id="rule-detail-idm45508564844032"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run setseboolxccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool mediumCCE-80392-4 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run setsebool</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_setsebool</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80392-4">CCE-80392-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030570</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86761r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt of the <code>setsebool</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage" id="rule-detail-idm45508564840352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run semanagexccdf_org.ssgproject.content_rule_audit_rules_execution_semanage mediumCCE-80391-6 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run semanage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80391-6">CCE-80391-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030560</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86759r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt of the <code>semanage</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon" id="rule-detail-idm45508564836672"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run chconxccdf_org.ssgproject.content_rule_audit_rules_execution_chcon mediumCCE-80393-2 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run chcon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80393-2">CCE-80393-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030580</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86763r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt of the <code>chcon</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon" id="rule-detail-idm45508564832992"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Any Attempts to Run restoreconxccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon mediumCCE-80394-0 </div><div class="panel-heading"><h3 class="panel-title">Record Any Attempts to Run restorecon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_execution_restorecon</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80394-0">CCE-80394-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000463-GPOS-00207</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000465-GPOS-00209</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect any execution attempt of the <code>restorecon</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir" id="rule-detail-idm45508564829312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - rmdirxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir mediumCCE-80412-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rmdir</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80412-0">CCE-80412-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030900</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86827r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S rmdir -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed from the system. The audit trail could aid in system troubleshooting, as well as, detecting malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat" id="rule-detail-idm45508564825616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030920</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86831r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S unlinkat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed from the system. The audit trail could aid in system troubleshooting, as well as, detecting malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename" id="rule-detail-idm45508564819568"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renamexccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030880</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86823r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S rename -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed from the system. The audit trail could aid in system troubleshooting, as well as, detecting malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat" id="rule-detail-idm45508564815824"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - renameatxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat mediumCCE-80413-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80413-8">CCE-80413-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030890</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86825r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S renameat -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed from the system. The audit trail could aid in system troubleshooting, as well as, detecting malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink" id="rule-detail-idm45508564812112"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects File Deletion Events by User - unlinkxccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink mediumCCE-27206-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects File Deletion Events by User - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27206-2">CCE-27206-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030910</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86829r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000366</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MA-4(1)(a)</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.7</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000466-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000467-GPOS-00210</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000468-GPOS-00212</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=4294967295 -F key=delete</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file, setting ARCH to either b32 or b64 as appropriate for your system: <pre>-a always,exit -F arch=ARCH -S unlink -F auid>=1000 -F auid!=4294967295 -F key=delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Auditing file deletions will create an audit trail for files that are removed from the system. The audit trail could aid in system troubleshooting, as well as, detecting malicious processes that attempt to delete log files to conceal their presence.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd" id="rule-detail-idm45508564808416"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - passwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd mediumCCE-80395-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80395-7">CCE-80395-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030630</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86773r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo" id="rule-detail-idm45508564804720"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo mediumCCE-80401-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudo</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80401-3">CCE-80401-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030690</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86785r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>   <a data-toggle="collapse" data-target="#idm45508570712208">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570712208"><pre><code> PATTERN="-a always,exit -F path=/usr/bin/sudo\\s*.*" GROUP="privileged" FULL_RULE="-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged" # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' <abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_fix_audit_syscall_rule"># Function to fix syscall audit rule for given system call. It is # based on example audit syscall rule definitions as outlined in # /usr/share/doc/audit-2.3.7/stig.rules file provided with the audit # package. It will combine multiple system calls belonging to the same # syscall group into one audit rule (rather than to create audit rule per # different system call) to avoid audit infrastructure performance penalty # in the case of 'one-audit-rule-definition-per-one-system-call'. See: # # https://www.redhat.com/archives/linux-audit/2014-November/msg00009.html # # for further details. # # Expects five arguments (each of them is required) in the form of: # * audit tool tool used to load audit rules, # either 'auditctl', or 'augenrules # * audit rules' pattern audit rule skeleton for same syscall # * syscall group greatest common string this rule shares # with other rules from the same group # * architecture architecture this rule is intended for # * full form of new rule to add expected full form of audit rule as to be # added into audit.rules file # # Note: The 2-th up to 4-th arguments are used to determine how many existing # audit rules will be inspected for resemblance with the new audit rule # (5-th argument) the function is going to add. The rule's similarity check # is performed to optimize audit.rules definition (merge syscalls of the same # group into one rule) to avoid the "single-syscall-per-audit-rule" performance # penalty. # # Example call: # # See e.g. 'audit_rules_file_deletion_events.sh' remediation script # function fix_audit_syscall_rule { # Load function arguments into local variables local tool="$1" local pattern="$2" local group="$3" local arch="$4" local full_rule="$5" # Check sanity of the input if [ $# -ne "5" ] then echo "Usage: fix_audit_syscall_rule 'tool' 'pattern' 'group' 'arch' 'full rule'" echo "Aborting." exit 1 fi # Create a list of audit *.rules files that should be inspected for presence and correctness # of a particular audit rule. The scheme is as follows: # # ----------------------------------------------------------------------------------------- # Tool used to load audit rules | Rule already defined | Audit rules file to inspect | # ----------------------------------------------------------------------------------------- # auditctl | Doesn't matter | /etc/audit/audit.rules | # ----------------------------------------------------------------------------------------- # augenrules | Yes | /etc/audit/rules.d/*.rules | # augenrules | No | /etc/audit/rules.d/$key.rules | # ----------------------------------------------------------------------------------------- # declare -a files_to_inspect retval=0 # First check sanity of the specified audit tool if [ "$tool" != 'auditctl' ] && [ "$tool" != 'augenrules' ] then echo "Unknown audit rules loading tool: $1. Aborting." echo "Use either 'auditctl' or 'augenrules'!" return 1 # If audit tool is 'auditctl', then add '/etc/audit/audit.rules' # file to the list of files to be inspected elif [ "$tool" == 'auditctl' ] then files_to_inspect=("${files_to_inspect[@]}" '/etc/audit/audit.rules' ) # If audit tool is 'augenrules', then check if the audit rule is defined # If rule is defined, add '/etc/audit/rules.d/*.rules' to the list for inspection # If rule isn't defined yet, add '/etc/audit/rules.d/$key.rules' to the list for inspection elif [ "$tool" == 'augenrules' ] then # Extract audit $key from audit rule so we can use it later key=$(expr "$full_rule" : '.*-k[[:space:]]\([^[:space:]]\+\)' '|' "$full_rule" : '.*-F[[:space:]]key=\([^[:space:]]\+\)') # Check if particular audit rule is already defined IFS=$'\n' matches=($(sed -s -n -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d;F" /etc/audit/rules.d/*.rules)) if [ $? -ne 0 ] then retval=1 fi # Reset IFS back to default unset IFS for match in "${matches[@]}" do files_to_inspect=("${files_to_inspect[@]}" "${match}") done # Case when particular rule isn't defined in /etc/audit/rules.d/*.rules yet if [ ${#files_to_inspect[@]} -eq "0" ] then files_to_inspect="/etc/audit/rules.d/$key.rules" if [ ! -e "$files_to_inspect" ] then touch "$files_to_inspect" chmod 0640 "$files_to_inspect" fi fi fi # # Indicator that we want to append $full_rule into $audit_file by default local append_expected_rule=0 for audit_file in "${files_to_inspect[@]}" do # Filter existing $audit_file rules' definitions to select those that: # * follow the rule pattern, and # * meet the hardware architecture requirement, and # * are current syscall group specific IFS=$'\n' existing_rules=($(sed -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d" "$audit_file")) if [ $? -ne 0 ] then retval=1 fi # Reset IFS back to default unset IFS # Process rules found case-by-case for rule in "${existing_rules[@]}" do # Found rule is for same arch & key, but differs (e.g. in count of -S arguments) if [ "${rule}" != "${full_rule}" ] then # If so, isolate just '(-S \w)+' substring of that rule rule_syscalls=$(echo $rule | grep -o -P '(-S \w+ )+') # Check if list of '-S syscall' arguments of that rule is subset # of '-S syscall' list of expected $full_rule if grep -q -- "$rule_syscalls" <<< "$full_rule" then # Rule is covered (i.e. the list of -S syscalls for this rule is # subset of -S syscalls of $full_rule => existing rule can be deleted # Thus delete the rule from audit.rules & our array sed -i -e "\;${rule};d" "$audit_file" if [ $? -ne 0 ] then retval=1 fi existing_rules=("${existing_rules[@]//$rule/}") else # Rule isn't covered by $full_rule - it besides -S syscall arguments # for this group contains also -S syscall arguments for other syscall # group. Example: '-S lchown -S fchmod -S fchownat' => group='chown' # since 'lchown' & 'fchownat' share 'chown' substring # Therefore: # * 1) delete the original rule from audit.rules # (original '-S lchown -S fchmod -S fchownat' rule would be deleted) # * 2) delete the -S syscall arguments for this syscall group, but # keep those not belonging to this syscall group # (original '-S lchown -S fchmod -S fchownat' would become '-S fchmod' # * 3) append the modified (filtered) rule again into audit.rules # if the same rule not already present # # 1) Delete the original rule sed -i -e "\;${rule};d" "$audit_file" if [ $? -ne 0 ] then retval=1 fi # 2) Delete syscalls for this group, but keep those from other groups # Convert current rule syscall's string into array splitting by '-S' delimiter IFS=$'-S' read -a rule_syscalls_as_array <<< "$rule_syscalls" # Reset IFS back to default unset IFS # Declare new empty string to hold '-S syscall' arguments from other groups new_syscalls_for_rule='' # Walk through existing '-S syscall' arguments for syscall_arg in "${rule_syscalls_as_array[@]}" do # Skip empty $syscall_arg values if [ "$syscall_arg" == '' ] then continue fi # If the '-S syscall' doesn't belong to current group add it to the new list # (together with adding '-S' delimiter back for each of such item found) if grep -q -v -- "$group" <<< "$syscall_arg" then new_syscalls_for_rule="$new_syscalls_for_rule -S $syscall_arg" fi done # Replace original '-S syscall' list with the new one for this rule updated_rule=${rule//$rule_syscalls/$new_syscalls_for_rule} # Squeeze repeated whitespace characters in rule definition (if any) into one updated_rule=$(echo "$updated_rule" | tr -s '[:space:]') # 3) Append the modified / filtered rule again into audit.rules # (but only in case it's not present yet to prevent duplicate definitions) if ! grep -q -- "$updated_rule" "$audit_file" then echo "$updated_rule" >> "$audit_file" fi fi else # $audit_file already contains the expected rule form for this # architecture & key => don't insert it second time append_expected_rule=1 fi done # We deleted all rules that were subset of the expected one for this arch & key. # Also isolated rules containing system calls not from this system calls group. # Now append the expected rule if it's not present in $audit_file yet if [[ ${append_expected_rule} -eq "0" ]] then echo "$full_rule" >> "$audit_file" fi done return $retval } </abbr> fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" </code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>   <a data-toggle="collapse" data-target="#idm45508570700400">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570700400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code> # Inserts/replaces the rule in /etc/audit/rules.d - name: Search /etc/audit/rules.d for audit rule entries find: paths: "/etc/audit/rules.d" recurse: no contains: "^.*path=/usr/bin/sudo.*$" patterns: "*.rules" register: find_sudo - name: Use /etc/audit/rules.d/privileged.rules as the recipient for the rule set_fact: all_files: - /etc/audit/rules.d/privileged.rules when: find_sudo.matched == 0 - name: Use matched file as the recipient for the rule set_fact: all_files: - "{{ find_sudo.files | map(attribute='path') | list | first }}" when: find_sudo.matched > 0 - name: Inserts/replaces the sudo rule in rules.d lineinfile: path: "{{ all_files[0] }}" line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' create: yes tags: - audit_rules_privileged_commands_sudo - medium_severity - restrict_strategy - low_complexity - low_disruption - CCE-80401-3 - NIST-800-53-AU-3(1) - NIST-800-53-AU-12(c) - NIST-800-171-3.1.7 - DISA-STIG-RHEL-07-030690 # Inserts/replaces the sudo rule in /etc/audit/audit.rules - name: Inserts/replaces the sudo rule in audit.rules lineinfile: path: /etc/audit/audit.rules line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' create: yes tags: - audit_rules_privileged_commands_sudo - medium_severity - restrict_strategy - low_complexity - low_disruption - CCE-80401-3 - NIST-800-53-AU-3(1) - NIST-800-53-AU-12(c) - NIST-800-171-3.1.7 - DISA-STIG-RHEL-07-030690 </code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl" id="rule-detail-idm45508564801040"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - usernetctlxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_usernetctl</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/sbin/usernetctl -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh" id="rule-detail-idm45508564795616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chshxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh mediumCCE-80404-7 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chsh</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chsh</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80404-7">CCE-80404-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030720</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86791r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap" id="rule-detail-idm45508564791888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newgidmapxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgidmap</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/newgidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage" id="rule-detail-idm45508564786464"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - chagexccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage mediumCCE-80398-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - chage</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80398-1">CCE-80398-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030660</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86779r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper" id="rule-detail-idm45508564782736"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - userhelperxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper mediumCCE-80399-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - userhelper</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_userhelper</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80399-9">CCE-80399-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030670</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86781r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at" id="rule-detail-idm45508564779024"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - atxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/at -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab" id="rule-detail-idm45508564773632"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - crontabxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab mediumCCE-80410-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - crontab</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_crontab</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80410-4">CCE-80410-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030800</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86807r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount" id="rule-detail-idm45508564769888"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - umountxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount mediumCCE-80405-4 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - umount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_umount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80405-4">CCE-80405-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030750</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86797r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd" id="rule-detail-idm45508564766192"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd mediumCCE-80396-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_unix_chkpwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80396-5">CCE-80396-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030640</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86775r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown" id="rule-detail-idm45508564762480"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - pt_chownxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown mediumCCE-80409-6 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_pt_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80409-6">CCE-80409-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/libexec/pt_chown -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/libexec/pt_chown -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign" id="rule-detail-idm45508564758784"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysignxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign mediumCCE-80408-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80408-8">CCE-80408-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030780</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86803r2_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/libexec/openssh/key-sign -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit" id="rule-detail-idm45508564755072"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - sudoeditxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit mediumCCE-80402-1 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudoedit</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80402-1">CCE-80402-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030730</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86793r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>   <a data-toggle="collapse" data-target="#idm45508570251472">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570251472"><pre><code> PATTERN="-a always,exit -F path=/usr/bin/sudoedit\\s*.*" GROUP="privileged" FULL_RULE="-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged" # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' <abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_fix_audit_syscall_rule"># Function to fix syscall audit rule for given system call. It is # based on example audit syscall rule definitions as outlined in # /usr/share/doc/audit-2.3.7/stig.rules file provided with the audit # package. It will combine multiple system calls belonging to the same # syscall group into one audit rule (rather than to create audit rule per # different system call) to avoid audit infrastructure performance penalty # in the case of 'one-audit-rule-definition-per-one-system-call'. See: # # https://www.redhat.com/archives/linux-audit/2014-November/msg00009.html # # for further details. # # Expects five arguments (each of them is required) in the form of: # * audit tool tool used to load audit rules, # either 'auditctl', or 'augenrules # * audit rules' pattern audit rule skeleton for same syscall # * syscall group greatest common string this rule shares # with other rules from the same group # * architecture architecture this rule is intended for # * full form of new rule to add expected full form of audit rule as to be # added into audit.rules file # # Note: The 2-th up to 4-th arguments are used to determine how many existing # audit rules will be inspected for resemblance with the new audit rule # (5-th argument) the function is going to add. The rule's similarity check # is performed to optimize audit.rules definition (merge syscalls of the same # group into one rule) to avoid the "single-syscall-per-audit-rule" performance # penalty. # # Example call: # # See e.g. 'audit_rules_file_deletion_events.sh' remediation script # function fix_audit_syscall_rule { # Load function arguments into local variables local tool="$1" local pattern="$2" local group="$3" local arch="$4" local full_rule="$5" # Check sanity of the input if [ $# -ne "5" ] then echo "Usage: fix_audit_syscall_rule 'tool' 'pattern' 'group' 'arch' 'full rule'" echo "Aborting." exit 1 fi # Create a list of audit *.rules files that should be inspected for presence and correctness # of a particular audit rule. The scheme is as follows: # # ----------------------------------------------------------------------------------------- # Tool used to load audit rules | Rule already defined | Audit rules file to inspect | # ----------------------------------------------------------------------------------------- # auditctl | Doesn't matter | /etc/audit/audit.rules | # ----------------------------------------------------------------------------------------- # augenrules | Yes | /etc/audit/rules.d/*.rules | # augenrules | No | /etc/audit/rules.d/$key.rules | # ----------------------------------------------------------------------------------------- # declare -a files_to_inspect retval=0 # First check sanity of the specified audit tool if [ "$tool" != 'auditctl' ] && [ "$tool" != 'augenrules' ] then echo "Unknown audit rules loading tool: $1. Aborting." echo "Use either 'auditctl' or 'augenrules'!" return 1 # If audit tool is 'auditctl', then add '/etc/audit/audit.rules' # file to the list of files to be inspected elif [ "$tool" == 'auditctl' ] then files_to_inspect=("${files_to_inspect[@]}" '/etc/audit/audit.rules' ) # If audit tool is 'augenrules', then check if the audit rule is defined # If rule is defined, add '/etc/audit/rules.d/*.rules' to the list for inspection # If rule isn't defined yet, add '/etc/audit/rules.d/$key.rules' to the list for inspection elif [ "$tool" == 'augenrules' ] then # Extract audit $key from audit rule so we can use it later key=$(expr "$full_rule" : '.*-k[[:space:]]\([^[:space:]]\+\)' '|' "$full_rule" : '.*-F[[:space:]]key=\([^[:space:]]\+\)') # Check if particular audit rule is already defined IFS=$'\n' matches=($(sed -s -n -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d;F" /etc/audit/rules.d/*.rules)) if [ $? -ne 0 ] then retval=1 fi # Reset IFS back to default unset IFS for match in "${matches[@]}" do files_to_inspect=("${files_to_inspect[@]}" "${match}") done # Case when particular rule isn't defined in /etc/audit/rules.d/*.rules yet if [ ${#files_to_inspect[@]} -eq "0" ] then files_to_inspect="/etc/audit/rules.d/$key.rules" if [ ! -e "$files_to_inspect" ] then touch "$files_to_inspect" chmod 0640 "$files_to_inspect" fi fi fi # # Indicator that we want to append $full_rule into $audit_file by default local append_expected_rule=0 for audit_file in "${files_to_inspect[@]}" do # Filter existing $audit_file rules' definitions to select those that: # * follow the rule pattern, and # * meet the hardware architecture requirement, and # * are current syscall group specific IFS=$'\n' existing_rules=($(sed -e "\;${pattern};!d" -e "/${arch}/!d" -e "/${group}/!d" "$audit_file")) if [ $? -ne 0 ] then retval=1 fi # Reset IFS back to default unset IFS # Process rules found case-by-case for rule in "${existing_rules[@]}" do # Found rule is for same arch & key, but differs (e.g. in count of -S arguments) if [ "${rule}" != "${full_rule}" ] then # If so, isolate just '(-S \w)+' substring of that rule rule_syscalls=$(echo $rule | grep -o -P '(-S \w+ )+') # Check if list of '-S syscall' arguments of that rule is subset # of '-S syscall' list of expected $full_rule if grep -q -- "$rule_syscalls" <<< "$full_rule" then # Rule is covered (i.e. the list of -S syscalls for this rule is # subset of -S syscalls of $full_rule => existing rule can be deleted # Thus delete the rule from audit.rules & our array sed -i -e "\;${rule};d" "$audit_file" if [ $? -ne 0 ] then retval=1 fi existing_rules=("${existing_rules[@]//$rule/}") else # Rule isn't covered by $full_rule - it besides -S syscall arguments # for this group contains also -S syscall arguments for other syscall # group. Example: '-S lchown -S fchmod -S fchownat' => group='chown' # since 'lchown' & 'fchownat' share 'chown' substring # Therefore: # * 1) delete the original rule from audit.rules # (original '-S lchown -S fchmod -S fchownat' rule would be deleted) # * 2) delete the -S syscall arguments for this syscall group, but # keep those not belonging to this syscall group # (original '-S lchown -S fchmod -S fchownat' would become '-S fchmod' # * 3) append the modified (filtered) rule again into audit.rules # if the same rule not already present # # 1) Delete the original rule sed -i -e "\;${rule};d" "$audit_file" if [ $? -ne 0 ] then retval=1 fi # 2) Delete syscalls for this group, but keep those from other groups # Convert current rule syscall's string into array splitting by '-S' delimiter IFS=$'-S' read -a rule_syscalls_as_array <<< "$rule_syscalls" # Reset IFS back to default unset IFS # Declare new empty string to hold '-S syscall' arguments from other groups new_syscalls_for_rule='' # Walk through existing '-S syscall' arguments for syscall_arg in "${rule_syscalls_as_array[@]}" do # Skip empty $syscall_arg values if [ "$syscall_arg" == '' ] then continue fi # If the '-S syscall' doesn't belong to current group add it to the new list # (together with adding '-S' delimiter back for each of such item found) if grep -q -v -- "$group" <<< "$syscall_arg" then new_syscalls_for_rule="$new_syscalls_for_rule -S $syscall_arg" fi done # Replace original '-S syscall' list with the new one for this rule updated_rule=${rule//$rule_syscalls/$new_syscalls_for_rule} # Squeeze repeated whitespace characters in rule definition (if any) into one updated_rule=$(echo "$updated_rule" | tr -s '[:space:]') # 3) Append the modified / filtered rule again into audit.rules # (but only in case it's not present yet to prevent duplicate definitions) if ! grep -q -- "$updated_rule" "$audit_file" then echo "$updated_rule" >> "$audit_file" fi fi else # $audit_file already contains the expected rule form for this # architecture & key => don't insert it second time append_expected_rule=1 fi done # We deleted all rules that were subset of the expected one for this arch & key. # Also isolated rules containing system calls not from this system calls group. # Now append the expected rule if it's not present in $audit_file yet if [[ ${append_expected_rule} -eq "0" ]] then echo "$full_rule" >> "$audit_file" fi done return $retval } </abbr> fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" </code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>   <a data-toggle="collapse" data-target="#idm45508570249248">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508570249248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code> # Inserts/replaces the rule in /etc/audit/rules.d - name: Search /etc/audit/rules.d for audit rule entries find: paths: "/etc/audit/rules.d" recurse: no contains: "^.*path=/usr/bin/sudoedit.*$" patterns: "*.rules" register: find_sudoedit - name: Use /etc/audit/rules.d/privileged.rules as the recipient for the rule set_fact: all_files: - /etc/audit/rules.d/privileged.rules when: find_sudoedit.matched == 0 - name: Use matched file as the recipient for the rule set_fact: all_files: - "{{ find_sudoedit.files | map(attribute='path') | list | first }}" when: find_sudoedit.matched > 0 - name: Inserts/replaces the sudoedit rule in rules.d lineinfile: path: "{{ all_files[0] }}" line: '-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' create: yes tags: - audit_rules_privileged_commands_sudoedit - medium_severity - restrict_strategy - low_complexity - low_disruption - CCE-80402-1 - NIST-800-53-AU-3(1) - NIST-800-53-AU-12(c) - NIST-800-171-3.1.7 - DISA-STIG-RHEL-07-030730 # Inserts/replaces the sudoedit rule in /etc/audit/audit.rules - name: Inserts/replaces the sudoedit rule in audit.rules lineinfile: path: /etc/audit/audit.rules line: '-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged' create: yes tags: - audit_rules_privileged_commands_sudoedit - medium_severity - restrict_strategy - low_complexity - low_disruption - CCE-80402-1 - NIST-800-53-AU-3(1) - NIST-800-53-AU-12(c) - NIST-800-171-3.1.7 - DISA-STIG-RHEL-07-030730 </code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount" id="rule-detail-idm45508564751376"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - mountxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - mount</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_mount</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap" id="rule-detail-idm45508564748336"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newuidmapxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newuidmap</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/newuidmap -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd" id="rule-detail-idm45508564745264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - gpasswdxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd mediumCCE-80397-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_gpasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80397-3">CCE-80397-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030650</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86777r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su" id="rule-detail-idm45508564739232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - suxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su mediumCCE-80400-5 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - su</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_su</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80400-5">CCE-80400-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030680</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86783r4_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp" id="rule-detail-idm45508564735504"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects Information on the Use of Privileged Commands - newgrpxccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp mediumCCE-80403-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_newgrp</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80403-9">CCE-80403-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030710</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86789r3_rule</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add a line of the following form to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add a line of the following form to <code>/etc/audit/audit.rules</code>: <pre>-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider and advanced persistent threast. <br><br> Privileged programs are subject to escalation-of-privilege attacks, which attempt to subvert their normal role of providing some necessary but limited capability. As such, motivation exists to monitor these programs for unusual activity.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat" id="rule-detail-idm45508564731808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - renameatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - renameat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_renameat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S renameat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod" id="rule-detail-idm45508564728736"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - chmodxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - chmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S chmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S chmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S chmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S chmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write" id="rule-detail-idm45508564725664"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - open O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - open O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. The <code>open</code> syscall can be used to modify files if called for write operation of with O_TRUNC flag. The following auidt rules will asure that unsuccessful attempts to modify a file via <code>open</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat" id="rule-detail-idm45508564722560"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - fchownatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - fchownat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchownat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fchownat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat" id="rule-detail-idm45508564719456"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - openat O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - openat O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for all users and root. The <code>openat</code> syscall can be used to create new files when O_CREAT flag is specified. The following auidt rules will asure that unsuccessful attempts to create a file via <code>openat</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown" id="rule-detail-idm45508564716352"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - lchownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - lchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S lchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S lchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S lchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S lchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate" id="rule-detail-idm45508564713280"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - truncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate mediumCCE-80389-0 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - truncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80389-0">CCE-80389-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030540</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86755r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr" id="rule-detail-idm45508564709568"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - removexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - removexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_removexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S removexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S removexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S removexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S removexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown" id="rule-detail-idm45508564706480"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - chownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - chown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_chown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S chown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S chown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S chown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S chown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown" id="rule-detail-idm45508564703408"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Ownership Changes to Files - fchownxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Ownership Changes to Files - fchown</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchown</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fchown -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fchown -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change ownership of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat" id="rule-detail-idm45508564700336"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fchmodatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fchmodat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmodat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fchmodat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fchmodat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fchmodat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fchmodat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr" id="rule-detail-idm45508564697264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - setxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - setxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_setxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S setxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S setxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S setxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S setxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr" id="rule-detail-idm45508564694192"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - lremovexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - lremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S lremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S lremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S lremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S lremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat" id="rule-detail-idm45508564691104"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - creatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat mediumCCE-80385-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - creat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80385-8">CCE-80385-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030500</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86747r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat" id="rule-detail-idm45508564687392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - open O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - open O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for all users and root. The <code>open</code> syscall can be used to create new files when O_CREAT flag is specified. The following auidt rules will asure that unsuccessful attempts to create a file via <code>open</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr" id="rule-detail-idm45508564684304"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fremovexattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fremovexattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fremovexattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fremovexattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fremovexattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink" id="rule-detail-idm45508564681216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - unlinkxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - unlink</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlink</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S unlink -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S unlink -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S unlink -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlink -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr" id="rule-detail-idm45508564678144"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fsetxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order" id="rule-detail-idm45508564675072"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access of files via <code>openat</code> syscall the audit rules collecting these events need to be in certain order. The more specific rules need to come before the less specific rules. The reason for that is that more specific rules cover a subset of events covered in the less specific rules, thus, they need to come before to not be overshadowed by less specific rules, which match a bigger set of events. Make sure that rules for unsuccessful calls of <code>openat</code> syscall are in the order shown below. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), check the order of rules below in a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, check the order of rules below in <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S openat -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. By ordering them from more specific to less specific, it is assured that the less specific rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order" id="rule-detail-idm45508564671968"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access of files via <code>open</code> syscall the audit rules collecting these events need to be in certain order. The more specific rules need to come before the less specific rules. The reason for that is that more specific rules cover a subset of events covered in the less specific rules, thus, they need to come before to not be overshadowed by less specific rules, which match a bigger set of events. Make sure that rules for unsuccessful calls of <code>open</code> syscall are in the order shown below. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), check the order of rules below in a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, check the order of rules below in <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. By ordering them from more specific to less specific, it is assured that the less specific rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open" id="rule-detail-idm45508564668864"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - openxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open mediumCCE-80386-6 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - open</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80386-6">CCE-80386-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030510</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86749r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr" id="rule-detail-idm45508564665152"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - lsetxattrxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - lsetxattr</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_lsetxattr</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S lsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S lsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S lsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S lsetxattr -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat" id="rule-detail-idm45508564662080"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREATxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Creation Attempts to Files - open_by_handle_at O_CREAT</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unauthorized file accesses for all users and root. The <code>open_by_handle_at</code> syscall can be used to create new files when O_CREAT flag is specified. The following auidt rules will asure that unsuccessful attempts to create a file via <code>open_by_handle_at</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at" id="rule-detail-idm45508564658976"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_atxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at mediumCCE-80388-2 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - open_by_handle_at</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80388-2">CCE-80388-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030530</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86753r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate" id="rule-detail-idm45508564655232"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncatexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate mediumCCE-80390-8 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - ftruncate</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80390-8">CCE-80390-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030550</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86757r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S ftruncate -F exiu=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order" id="rule-detail-idm45508564651520"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctlyxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order medium</div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access of files via <code>open_by_handle_at</code> syscall the audit rules collecting these events need to be in certain order. The more specific rules need to come before the less specific rules. The reason for that is that more specific rules cover a subset of events covered in the less specific rules, thus, they need to come before to not be overshadowed by less specific rules, which match a bigger set of events. Make sure that rules for unsuccessful calls of <code>open_by_handle_at</code> syscall are in the order shown below. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), check the order of rules below in a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, check the order of rules below in <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open_by_handle_at -F a2&0100 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-create -a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-access -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-access </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The more specific rules cover a subset of events covered by the less specific rules. By ordering them from more specific to less specific, it is assured that the less specific rule will not catch events better recorded by the more specific rule.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat" id="rule-detail-idm45508564648400"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - unlinkatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - unlinkat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_unlinkat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S unlinkat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S unlinkat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S unlinkat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S unlinkat -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write" id="rule-detail-idm45508564645328"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - openat O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - openat O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. The <code>openat</code> syscall can be used to modify files if called for write operation of with O_TRUNC flag. The following auidt rules will asure that unsuccessful attempts to modify a file via <code>openat</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S openat -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod" id="rule-detail-idm45508564639872"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Permission Changes to Files - fchmodxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Permission Changes to Files - fchmod</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_fchmod</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S fchmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b32 -S fchmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre> If the system is 64 bit then also add the following lines: <pre>-a always,exit -F arch=b64 -S fchmod -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change -a always,exit -F arch=b64 -S fchmod -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to change permissions of files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the audit rule checks a system call independently of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,setxattr,lsetxattr,fsetxattr -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-perm-change</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write" id="rule-detail-idm45508564636752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNCxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write medium</div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Modification Attempts to Files - open_by_handle_at O_TRUNC</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect detailed unauthorized file accesses for all users and root. The <code>open_by_handle_at</code> syscall can be used to modify files if called for write operation of with O_TRUNC flag. The following auidt rules will asure that unsuccessful attempts to modify a file via <code>open_by_handle_at</code> syscall are collected. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rules below to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rules below to <code>/etc/audit/audit.rules</code> file. <pre> -a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b32 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification -a always,exit -F arch=b64 -S open_by_handle_at -F a2&01003 -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification </pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&01003 -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-modification</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat" id="rule-detail-idm45508564633616"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unauthorized Access Attempts to Files (unsuccessful) - openatxccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat mediumCCE-80387-4 </div><div class="panel-heading"><h3 class="panel-title">Record Unauthorized Access Attempts to Files (unsuccessful) - openat</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80387-4">CCE-80387-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030520</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86751r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping these system calls with others as identifying earlier in this guide is more efficient.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename" id="rule-detail-idm45508564629904"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Unsuccessul Delete Attempts to Files - renamexccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename medium</div><div class="panel-heading"><h3 class="panel-title">Record Unsuccessul Delete Attempts to Files - rename</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_rename</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.1</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000064-GPOS-00033</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000458-GPOS-00203</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000461-GPOS-00205</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file. <pre>-a always,exit -F arch=b32 -S rename -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b32 -S rename -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre> If the system is 64 bit then also add the following lines: <pre> -a always,exit -F arch=b64 -S rename -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete -a always,exit -F arch=b64 -S rename -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=unsuccessful-delete</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unsuccessful attempts to delete files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=unsuccesful-delete</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" id="rule-detail-idm45508564626832"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure auditd Collects System Administrator Actionsxccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions unknownCCE-27461-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure auditd Collects System Administrator Actions</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27461-3">CCE-27461-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030700</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86787r4_rule</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000130</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000135</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(7)(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">iAU-3(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.2</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5.b</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000037-GPOS-00015</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00020</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000392-GPOS-00172</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000462-GPOS-00206</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000471-GPOS-00215</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-w /etc/sudoers -p wa -k actions -w /etc/sudoers.d/ -p wa -k actions</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-w /etc/sudoers -p wa -k actions -w /etc/sudoers.d/ -p wa -k actions</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The actions taken by system administrators should be audited to keep a record of what was executed on the system, as well as, for accountability purposes.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at" id="rule-detail-idm45508564618416"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at" id="rule-detail-idm45508564615312"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all group and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open" id="rule-detail-idm45508564612256"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S open -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_session_events" id="rule-detail-idm45508564609216"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Attempts to Alter Process and Session Initiation Informationxccdf_org.ssgproject.content_rule_audit_rules_session_events unknownCCE-27301-1 </div><div class="panel-heading"><h3 class="panel-title">Record Attempts to Alter Process and Session Initiation Information</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_session_events</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27301-1">CCE-27301-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system already collects process information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> in order to watch for attempted manual edits of files involved in storing such process information: <pre>-w /var/run/utmp -p wa -k session -w /var/log/btmp -p wa -k session -w /var/log/wtmp -p wa -k session</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file in order to watch for attempted manual edits of files involved in storing such process information: <pre>-w /var/run/utmp -p wa -k session -w /var/log/btmp -p wa -k session -w /var/log/wtmp -p wa -k session</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Manual editing of these files may indicate nefarious activity, such as an attacker attempting to remove evidence of an intrusion.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat" id="rule-detail-idm45508564605536"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via openat syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via openat syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S openat -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S openat -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_immutable" id="rule-detail-idm45508564602496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Make the auditd Configuration Immutablexccdf_org.ssgproject.content_rule_audit_rules_immutable mediumCCE-27097-5 </div><div class="panel-heading"><h3 class="panel-title">Make the auditd Configuration Immutable</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_immutable</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27097-5">CCE-27097-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.18</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.3</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code> in order to make the auditd configuration immutable: <pre>-e 2</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file in order to make the auditd configuration immutable: <pre>-e 2</pre> With this setting, a reboot will be required to change any audit rules.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Making the audit configuration immutable prevents accidental as well as malicious modification of the audit rules, although it may be problematic if legitimate changes are needed during system operation</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open" id="rule-detail-idm45508564598848"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via open syscall - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_etc_group_open medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via open syscall - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S open -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S open -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of groups through direct edition of /etc/group could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/group -F auid>=1000 -F auid!=unset -F key=group-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow" id="rule-detail-idm45508564595808"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/shadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow mediumCCE-80431-0 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/shadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80431-0">CCE-80431-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030873</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87823r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, in order to capture events that modify account changes: <br><br> <pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file, in order to capture events that modify account changes: <br><br> <pre>-w /etc/shadow -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat" id="rule-detail-idm45508564592096"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information via openat syscall - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat medium</div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information via openat syscall - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect write events to /etc/passwd file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-a always,exit -F arch=b32 -S openat -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file: <pre>-a always,exit -F arch=b64 -S openat -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Creation of users through direct edition of /etc/passwd could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â Note that these rules can be configured in a number of ways while still achieving the desired effect. Here the system calls have been placed independent of other system calls. Grouping system calls related to the same event is more efficient. See the following example: <pre>-a always,exit -F arch=b32 -S open,openat,open_by_handle_at -F a2&03 -F path=/etc/passwd -F auid>=1000 -F auid!=unset -F key=user-modify</pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_directory_access_var_log_audit" id="rule-detail-idm45508564589056"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Access Events to Audit Log directoryxccdf_org.ssgproject.content_rule_directory_access_var_log_audit unknown</div><div class="panel-heading"><h3 class="panel-title">Record Access Events to Audit Log directory</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_directory_access_var_log_audit</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The audit system should collect access events to read audit log directory. The following audit rule will assure that access to audit log directory are collected. <pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre> If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the rule to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>. If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the rule to <code>/etc/audit/audit.rules</code> file.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system. Auditing these events could serve as evidence of potential system compromise.'</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd" id="rule-detail-idm45508564579552"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/security/opasswdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd mediumCCE-80430-2 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/security/opasswd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80430-2">CCE-80430-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030874</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87825r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, in order to capture events that modify account changes: <br><br> <pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file, in order to capture events that modify account changes: <br><br> <pre>-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" id="rule-detail-idm45508564575792"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify the System's Mandatory Access Controlsxccdf_org.ssgproject.content_rule_audit_rules_mac_modification unknownCCE-27168-4 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify the System's Mandatory Access Controls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_mac_modification</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27168-4">CCE-27168-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.7</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.8</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.5.5</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>: <pre>-w /etc/selinux/ -p wa -k MAC-policy</pre> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following line to <code>/etc/audit/audit.rules</code> file: <pre>-w /etc/selinux/ -p wa -k MAC-policy</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The system's mandatory access policy (SELinux) should not be arbitrarily changed by anything other than administrator action. All changes to MAC policy should be audited.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow" id="rule-detail-idm45508564567392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/gshadowxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow mediumCCE-80432-8 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/gshadow</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80432-8">CCE-80432-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030872</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87819r3_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, in order to capture events that modify account changes: <br><br> <pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file, in order to capture events that modify account changes: <br><br> <pre>-w /etc/gshadow -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd" id="rule-detail-idm45508564563632"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/passwdxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd mediumCCE-80435-1 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/passwd</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80435-1">CCE-80435-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030870</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86821r4_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000239-GPOS-00089</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000240-GPOS-00090</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000241-GPOS-00091</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000303-GPOS-00120</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000476-GPOS-00221</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, in order to capture events that modify account changes: <br><br> <pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file, in order to capture events that modify account changes: <br><br> <pre>-w /etc/passwd -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group" id="rule-detail-idm45508564559920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Record Events that Modify User/Group Information - /etc/groupxccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group mediumCCE-80433-6 </div><div class="panel-heading"><h3 class="panel-title">Record Events that Modify User/Group Information - /etc/group</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80433-6">CCE-80433-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030871</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-87817r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">5.2.5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000018</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000172</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001403</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-002130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(4)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(7)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.2.5</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000004-GPOS-00004</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <code>.rules</code> in the directory <code>/etc/audit/rules.d</code>, in order to capture events that modify account changes: <br><br> <pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre> <br><br> If the <code>auditd</code> daemon is configured to use the <code>auditctl</code> utility to read audit rules during daemon startup, add the following lines to <code>/etc/audit/audit.rules</code> file, in order to capture events that modify account changes: <br><br> <pre>-w /etc/group -p wa -k audit_rules_usergroup_modification</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument" id="rule-detail-idm45508564556224"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Extend Audit Backlog Limit for the Audit Daemonxccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Extend Audit Backlog Limit for the Audit Daemon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To improve the kernel capacity to queue all log events, even those which occurred prior to the audit daemon, add the argument <code>audit_backlog_limit=8192</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 audit=1 audit_backlog_limit=8192"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>audit_backlog_limit sets the queue length for audit events awaiting transfer to the audit daemon. Until the audit daemon is up and running, all log messages are stored in this queue. If the queue is overrun during boot process, the action defined by audit failure flag is taken.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â The GRUB 2 configuration file, <code>grub.cfg</code>, is automatically updated each time a new kernel is installed. Note that any changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> file. To update the GRUB 2 configuration file manually, use the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="rule-detail-idm45508564553184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable Auditing for Processes Which Start Prior to the Audit Daemonxccdf_org.ssgproject.content_rule_grub2_audit_argument mediumCCE-27212-0 </div><div class="panel-heading"><h3 class="panel-title">Enable Auditing for Processes Which Start Prior to the Audit Daemon</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_audit_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:03</td></tr><tr><td>Severity</td><td>medium</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27212-0">CCE-27212-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.3</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001464</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000130</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10.3</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To ensure all processes can be audited, even those which start prior to the audit daemon, add the argument <code>audit=1</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=VolGroup/LogVol06 rd.lvm.lv=VolGroup/lv_swap rhgb quiet rd.shell=0 audit=1"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Each process on the system carries an "auditable" flag which indicates whether its activities can be audited. Although <code>auditd</code> takes care of enabling this for all processes which launch after it does, adding the kernel argument ensures it is set for every process during boot.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â The GRUB 2 configuration file, <code>grub.cfg</code>, is automatically updated each time a new kernel is installed. Note that any changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> file. To update the GRUB 2 configuration file manually, use the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_service_auditd_enabled" id="rule-detail-idm45508564547792"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable auditd Servicexccdf_org.ssgproject.content_rule_service_auditd_enabled highCCE-27407-6 </div><div class="panel-heading"><h3 class="panel-title">Enable auditd Service</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27407-6">CCE-27407-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx">RHEL-07-030000</a>, <a href="http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx">SV-86703r2_rule</a>, <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">4.1.2</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000126</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-000131</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-1(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IR-5</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf">Req-10</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000038-GPOS-00016</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000039-GPOS-00017</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000042-GPOS-00021</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000254-GPOS-00095</a>, <a href="http://iase.disa.mil/stigs/os/general/Pages/index.aspx">SRG-OS-000255-GPOS-00096</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The <code>auditd</code> service can be enabled with the following command: <pre>$ sudo systemctl enable auditd.service</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Ensuring the <code>auditd</code> service is active ensures audit records generated by the kernel are appropriately recorded. <br><br> Additionally, a properly configured audit subsystem ensures that actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument" id="rule-detail-idm45508564487008"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable SLUB/SLAB allocator poisoningxccdf_org.ssgproject.content_rule_grub2_slub_debug_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Enable SLUB/SLAB allocator poisoning</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To enable poisoning of SLUB/SLAB objects, add the argument <code>slub_debug=P</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="slub_debug=P"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Poisoning writes an arbitrary value to freed objects, so any modification or reference to that object after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â The GRUB 2 configuration file, <code>grub.cfg</code>, is automatically updated each time a new kernel is installed. Note that any changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> file. To update the GRUB 2 configuration file manually, use the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_page_poison_argument" id="rule-detail-idm45508564483920"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable page allocator poisoningxccdf_org.ssgproject.content_rule_grub2_page_poison_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Enable page allocator poisoning</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_page_poison_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To enable poisoning of free pages, add the argument <code>page_poison=1</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="page_poison=1"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â The GRUB 2 configuration file, <code>grub.cfg</code>, is automatically updated each time a new kernel is installed. Note that any changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> file. To update the GRUB 2 configuration file manually, use the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict" id="rule-detail-idm45508564471392"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict exposed kernel pointers addresses accessxccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict low</div><div class="panel-heading"><h3 class="panel-title">Restrict exposed kernel pointers addresses access</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_kptr_restrict</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>low</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R23)</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.kptr_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kptr_restrict=1</pre> If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.kptr_restrict = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Exposing kernel pointers (through procfs or <code>seq_printf()</code>) exposes kernel writeable structures that can contain functions pointers. If a write vulnereability occurs in the kernel allowing a write access to any of this structure, the kernel can be compromise. This option disallow any program withtout the CAP_SYSLOG capability from getting the kernel pointers addresses, replacing them with 0.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled" id="rule-detail-idm45508564463584"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable kernel image loadingxccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled unknown</div><div class="panel-heading"><h3 class="panel-title">Disable kernel image loading</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_kexec_load_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.kexec_load_disabled</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kexec_load_disabled=1</pre> If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.kexec_load_disabled = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Disabling kexec_load allows greater control of the kernel memory. It makes it impossible to load another kernel image after it has been disabled. </p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument" id="rule-detail-idm45508564460496"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable vsyscallsxccdf_org.ssgproject.content_rule_grub2_vsyscall_argument unknown</div><div class="panel-heading"><h3 class="panel-title">Disable vsyscalls</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_vsyscall_argument</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To disable use of virtual syscalls, add the argument <code>vsyscall=none</code> to the default GRUB 2 command line for the Linux operating system in <code>/etc/default/grub</code>, in the manner below: <pre>GRUB_CMDLINE_LINUX="vsyscall=none"</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Virtual Syscalls provide an opportunity of attack for a user who has control of the return instruction pointer.</p></div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span>Â The GRUB 2 configuration file, <code>grub.cfg</code>, is automatically updated each time a new kernel is installed. Note that any changes to <code>/etc/default/grub</code> require rebuilding the <code>grub.cfg</code> file. To update the GRUB 2 configuration file manually, use the <pre>grub2-mkconfig -o</pre> command as follows: <ul><li>On BIOS-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li><li>On UEFI-based machines, issue the following command as <code>root</code>: <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li></ul></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope" id="rule-detail-idm45508564457472"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict usage of ptrace to descendant processesxccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope unknown</div><div class="panel-heading"><h3 class="panel-title">Restrict usage of ptrace to descendant processes</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.yama.ptrace_scope</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.yama.ptrace_scope=1</pre> If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.yama.ptrace_scope = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unrestricted usage of ptrace allows compromised binaries to run ptrace on another processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g. SSH sessions, web browser, ...) without any additional assistance from the user (i.e. without resorting to phishing). </p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" id="rule-detail-idm45508564454432"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Restrict Access to Kernel Message Bufferxccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict unknownCCE-27050-4 </div><div class="panel-heading"><h3 class="panel-title">Restrict Access to Kernel Message Buffer</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27050-4">CCE-27050-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="http://iase.disa.mil/stigs/cci/Pages/index.aspx">CCI-001314</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-11</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg_restrict=1</pre> If this is not the system default value, add the following line to <code>/etc/sysctl.conf</code>: <pre>kernel.dmesg_restrict = 1</pre></p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Unprivileged access to the kernel syslog can expose sensitive kernel address information.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-fail rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" id="rule-detail-idm45508564450752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add noexec Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec unknownCCE-80153-0 </div><div class="panel-heading"><h3 class="panel-title">Add noexec Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec</td></tr><tr><td>Result</td><td class="rule-result rule-result-fail"><div><abbr title="The target system or system component did not satisfy at least one condition of the rule.">fail</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80153-0">CCE-80153-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.17</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/dev/shm</code>. It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as <code>/dev/shm</code>. Add the <code>noexec</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of <code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>Allowing users to execute binaries from world-writable directories such as <code>/dev/shm</code> can expose the system to potential compromise.</p></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Shell script:</span>Â Â Â <a data-toggle="collapse" data-target="#idm45508567644992">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508567644992"><pre><code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_function_include_mount_options_functions">function include_mount_options_functions { : } # $1: mount point # $2: new mount point option function ensure_mount_option_in_fstab { local _mount_point="$1" _new_opt="$2" _mount_point_match_regexp="" _previous_mount_opts="" _mount_point_match_regexp="$(get_mount_point_regexp "$_mount_point")" if [ $(grep "$_mount_point_match_regexp" /etc/fstab | grep -c "$_new_opt" ) -eq 0 ]; then _previous_mount_opts=$(grep "$_mount_point_match_regexp" /etc/fstab | awk '{print $4}') sed -i "s|\(${_mount_point_match_regexp}.*${_previous_mount_opts}\)|\1,${_new_opt}|" /etc/fstab fi } # $1: mount point function get_mount_point_regexp { printf "[[:space:]]%s[[:space:]]" "$1" } # $1: mount point function assert_mount_point_in_fstab { local _mount_point_match_regexp _mount_point_match_regexp="$(get_mount_point_regexp "$1")" grep "$_mount_point_match_regexp" -q /etc/fstab \ || { echo "The mount point '$1' is not even in /etc/fstab, so we can't set up mount options" >&2; return 1; } } # $1: mount point function remove_defaults_from_fstab_if_overriden { local _mount_point_match_regexp _mount_point_match_regexp="$(get_mount_point_regexp "$1")" if $(grep "$_mount_point_match_regexp" /etc/fstab | grep -q "defaults,") then sed -i "s|\(${_mount_point_match_regexp}.*\)defaults,|\1|" /etc/fstab fi } # $1: mount point function ensure_partition_is_mounted { local _mount_point="$1" mkdir -p "$_mount_point" || return 1 if mountpoint -q "$_mount_point"; then mount -o remount --target "$_mount_point" else mount --target "$_mount_point" fi } </abbr> include_mount_options_functions function perform_remediation { # test "$mount_has_to_exist" = 'yes' if test "yes" = 'yes'; then assert_mount_point_in_fstab /dev/shm || { echo "Not remediating, because there is no record of /dev/shm in /etc/fstab" >&2; return 1; } fi ensure_mount_option_in_fstab "/dev/shm" "noexec" ensure_partition_is_mounted "/dev/shm" } perform_remediation </code></pre></div></div></td></tr><tr><td colspan="2"><div class="remediation"><span class="label label-success">Remediation Ansible snippet:</span>Â Â Â <a data-toggle="collapse" data-target="#idm45508567646800">(show)</a><br></br><div class="panel-collapse collapse" id="idm45508567646800"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>high</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: get back device associated to mountpoint shell: mount | grep ' /dev/shm ' |cut -d ' ' -f 1 register: device_name check_mode: no tags: - mount_option_dev_shm_noexec - unknown_severity - configure_strategy - low_complexity - high_disruption - CCE-80153-0 - NIST-800-53-CM-7 - NIST-800-53-MP-2 - name: get back device previous mount option shell: mount | grep ' /dev/shm ' | sed -re 's:.*\((.*)\):\1:' register: device_cur_mountoption check_mode: no tags: - mount_option_dev_shm_noexec - unknown_severity - configure_strategy - low_complexity - high_disruption - CCE-80153-0 - NIST-800-53-CM-7 - NIST-800-53-MP-2 - name: get back device fstype shell: mount | grep ' /dev/shm ' | cut -d ' ' -f 5 register: device_fstype check_mode: no tags: - mount_option_dev_shm_noexec - unknown_severity - configure_strategy - low_complexity - high_disruption - CCE-80153-0 - NIST-800-53-CM-7 - NIST-800-53-MP-2 - name: Ensure permission noexec are set on /dev/shm mount: path: "/dev/shm" src: "{{device_name.stdout}}" opts: "{{device_cur_mountoption.stdout}},noexec" state: "mounted" fstype: "{{device_fstype.stdout}}" tags: - mount_option_dev_shm_noexec - unknown_severity - configure_strategy - low_complexity - high_disruption - CCE-80153-0 - NIST-800-53-CM-7 - NIST-800-53-MP-2 </code></pre></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" id="rule-detail-idm45508564423856"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add nosuid Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid unknownCCE-80154-8 </div><div class="panel-heading"><h3 class="panel-title">Add nosuid Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80154-8">CCE-80154-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.16</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/dev/shm</code>. The SUID and SGID permissions should not be required in these world-writable directories. Add the <code>nosuid</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of <code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The presence of SUID and SGID executables should be tightly controlled. Users should not be able to execute SUID or SGID binaries from temporary storage partitions.</p></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" id="rule-detail-idm45508564414896"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Add nodev Option to /dev/shmxccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev unknownCCE-80152-2 </div><div class="panel-heading"><h3 class="panel-title">Add nodev Option to /dev/shm</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Time</td><td>2018-09-25T23:09:04</td></tr><tr><td>Severity</td><td>unknown</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span>Â <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80152-2">CCE-80152-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span>Â <a href="https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf">1.1.15</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-2</a></p></td></tr><tr><td>Description</td><td><div class="description"><p>The <code>nodev</code> mount option can be used to prevent creation of device files in <code>/dev/shm</code>. Legitimate character and block devices should not exist within temporary directories like <code>/dev/shm</code>. Add the <code>nodev</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of <code>/dev/shm</code>.</p></div></td></tr><tr><td>Rationale</td><td><div class="rationale"><p>The only legitimate location for device files is the <code>/dev</code> directory located on the root partition. The only exception to this is chroot jails.</p></div></td></tr></tbody></table></div></div><a href="#result-details"><button type="button" class="btn btn-secondary">Scroll back to the first rule</button></a></div><div id="rear-matter"><div class="row top-spacer-10"><div class="col-md-12 well well-lg"><div class="rear-matter">Red Hat and Red Hat Enterprise Linux are either registered trademarks or trademarks of Red Hat, Inc. in the United States and other countries. All other names are registered trademarks or trademarks of their respective companies. </div></div></div></div></div></div><footer id="footer"><div class="container"><p class="muted credit"> Generated using <a href="http://open-scap.org">OpenSCAP</a> 1.2.17</p></div></footer></body></html>
View Attachment As Raw
Actions:
View
Attachments on
bug 1619689
: 1486946